Windows Multi-Lang OPcodes DB - HeapOverflow Computer Security Community & Forums : Heap Overflow.com

HeapOverflow Computer Security Community & Forums : Heap Overflow.com

		HeapOverflow Computer Security Community & Forums : Heap Overflow.com > Computer Security: Discussions > Applications, Tools & Papers
Windows Multi-Lang OPcodes DB

Mark Forums Read

Notices

Welcome to you visitor! This community is mainly dedicated to the computer and security, if you're looking for DFind scanner or others exploits codes you will find them into the Projects section, feel free to start Blogging and remember to always keep an eye and start talking about security Advisories & public Exploits.

Applications, Tools & Papers Discuss about security applications, tools, papers, etc...

Windows Multi-Lang OPcodes DB

This is a discussion on "Windows Multi-Lang OPcodes DB" within the Applications, Tools & Papers part of the Computer Security: Discussions section; Hi, as you probably all know, Windows DLLs have different base addresses across Windows/SP/languages so i think it could be usefull to try to build a multi-lang opcodes database, isn't it? so, i have done VERY ...

Reply

#1 (permalink)

Old

26-08-05

J-A is offline

Junior Member

Join Date: Jun 2005

Posts: 7

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 6

J-A is on a distinguished road

Default

Windows Multi-Lang OPcodes DB

Hi,

as you probably all know, Windows DLLs have different base addresses
across Windows/SP/languages
so i think it could be usefull to try to build a multi-lang opcodes
database, isn't it?
so, i have done VERY QUICKLY a little package based on a .BAT and some
tools :

Files included in the package:

* OPCODES_LIST.bat : (horrible) Main batch file
MD5: c43d4167f7352c211a97f8cf21cd0458
SHA1: eb2f62912c9311351540dfc0237000e7bf090070

* Psinfo.exe : tool from sysinternals.com to retrieve windows system
informations ans the list of installed hotfixs (trying also to use the
Windows 2003 "wmic qfe" command) (could be long...)
MD5: 2c18e62e9902b0a258e6a64ab812f02c
SHA1: 0188d8836ba6a2a198abcfee9ae730b4ce0521aa

pdh.dll
MD5: 8542b31187bd1035a2311324c23e66b1
SHA1: ecc77cd54061745273af9750c55c1434c24bcd74

* reg.exe : tool present on XP but not on all 2000... used to retrieve
the OS language (languages codes list included in the bat)
MD5: 5bc49b61651edbc0a80d2de16d7f422c
SHA1: 7a778b97bf7b68247e0b212a81c952118c1ba45a

* Findjmp2.exe : tool by Class101 to retrieve the opcodes in memory
(DLLs searched : KERNEL32.DLL, NTDLL.DLL, USER32.DLL, SHELL32.DLL,
GDI32.DLL, WS2_32.DLL, WS2HELP.DLL)
(registers searched : EAX, EBX, ECX, EDX, ESI, EDI, ESP, EBP)
MD5: 3909e20cb55ea82b01a3b593d0cc59b6
SHA1: 174169d18b039fcd11ee1507d0a7f8e4230ed717

* LISTDLLS.exe : tool from sysinternals.com used to retrieve the
versions of DLLs
MD5: bb5f0e1d03f4e32261bb0964fc3b0e9d
SHA1: c6081622207ec53f6400a6312a87cf350333996b

* mycrc.exe : tool by Luigi Auriemma to check files checksums (MD5,
SHA1, ...)
MD5: 5473219dd371630c1e7d7e7fa1ddd53f
SHA1: 37c71403ed231dd9cb9a6e97c869e7275372ba12

* grep.exe : used to parse a litlle bit the output
MD5: 9e05a9c264c8a908a8e79450fcbff047
SHA1: 0ab5c2b1c3c637cbe82564d6d9ed34a78c901cb7

* uniq.exe : used to parse a litlle bit the output

PLEASE NOTE :

1) we can do better and more simple!!!, so if you want: JUST DO IT and
please don't flame!
2) the output is far to be clean! but could be easily parsed with a
simple script...

For guy who want to help; please send me the resulting
"OPCODES_LIST.TXT" file to :

jerome.athias () free fr

(PLEASE REMOVE ALL PERSONNAL DATA IN THE FILE!

.
Then i'll try to check all the files and start to build something, of
course publicly available.

The package is available for download at:

http://www.athias.fr/OPCODES_LIST.RAR
MD5: c4a7d4eba31afafb67ef488dda7cf19e
SHA1: c99a98741a8365fe6872a2347d0b05891188c584

Please let me know missing things...

Thank you.
/JA

Reply With Quote

Sponsor

Advertiser

#2 (permalink)

Old

29-08-05

class101 is offline

Administrator

Join Date: May 2005

Location: France

Age: 27

Posts: 592

Blog Entries: 3

Thanks: 18

Thanked 7 Times in 7 Posts

Rep Power: 10

class101 has disabled reputation

Send a message via MSN to class101

Default

dunno if you are able to build this but it would be a nice idea I think to build a perl/cgi script as did matt miller at msf to put your DB online jerome, I mean something that you can reach and use at www.athias.fr/international-opcodes/ , you will probably receive more contributions.

__________________
Security community webmaster
100% Free Directory
100% Cool milw0rm javascript

Reply With Quote

#3 (permalink)

Old

29-08-05

J-A is offline

Junior Member

Join Date: Jun 2005

Posts: 7

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 6

J-A is on a distinguished road

Default

will be done don't worry...
just need some time ;-)

Reply With Quote

#4 (permalink)

Old

30-08-05

J-A is offline

Junior Member

Join Date: Jun 2005

Posts: 7

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 6

J-A is on a distinguished road

Default

this is some results:

http://www.athias.fr/international-opco ... LL.DLL.htm

http://www.athias.fr/international-opco ... 32.DLL.htm

any deutsch opcodes Class? ;-)

Reply With Quote

#5 (permalink)

Old

31-08-05

class101 is offline

Administrator

Join Date: May 2005

Location: France

Age: 27

Posts: 592

Blog Entries: 3

Thanks: 18

Thanked 7 Times in 7 Posts

Rep Power: 10

class101 has disabled reputation

Send a message via MSN to class101

Default

nop sorry man, try to Pm Weissbierwaldi dunno , maybe by chance he will have what you need, he's deutsch.

__________________
Security community webmaster
100% Free Directory
100% Cool milw0rm javascript

Reply With Quote

#6 (permalink)

Old

31-08-05

Yog-Sotho is offline

Member

Join Date: Jul 2005

Location: Italy

Posts: 62

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 17

Yog-Sotho is on a distinguished road

Default

Good french buddy...

Ciao Jerome!

I'm the italian guy who answered to your request of OPcodes. As soon as I have the possibilty, I'll run that BAT on my home's PC so I'll have enough privilegies to run the .exes inside your package.

Good work btw... and keep on doing this way!

Cheers

Yog

Reply With Quote

#7 (permalink)

Old

05-05-06

rk_guns is offline

Junior Member

Join Date: May 2006

Posts: 3

Thanks: 0

Thanked 0 Times in 0 Posts

Rep Power: 4

rk_guns is on a distinguished road

Default

tealnice work man....but i was not able to compile the the files in the exe.....dnt wats wrong.....

Reply With Quote

Sponsor

Advertiser

Reply

Tags
multilang, opcodes, windows

« FORTIFY_SOURCE | Hi I have a heap overflow problem, who can help me? »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
CVE-2007-0069 (windows-nt, Windows Server 2003, Windows Vista)	Heap	Advisories	0	09-01-08 19:55
MS Windows NetpIsRemote() Remote Overflow Exploit (MS06-040)	DiGiTALSTAR	Public	0	28-08-06 21:24
Microsoft Windows Media Player BMP Handling Buffer Overflow	9 Below Zero	Public	0	16-02-06 08:14
new IE bug (confirmed on ALL windows)	class101	Security discussions	0	01-11-05 18:19
IpSwitch IMAP Server LOGON stack overflow		0day	8	11-06-05 17:09

heapoverflow.com - SEOmeter SEO tools

Locations of visitors to this page

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47