0x00000FF / rensenware-cut

cut version of rensenware
GNU General Public License v3.0

Random stuffs #1

Closed YuugenP closed 7 years ago

YuugenP commented 7 years ago

Also, can you teach me more about this kind of stuff? I really want to learn from an experienced programmer like you.

0x00000FF commented 7 years ago

lol, I'm not an expert, but I can help you with anything except malicious things.

YuugenP commented 7 years ago

It's pretty interesting on how Touhou stores its score data. Anything else you found interesting about this?

YuugenP commented 7 years ago

Thinking on almost the same topic, can you teach me on how to get data from programs like that?

0x00000FF commented 7 years ago

I used Windows API functions via DllImport. I commented the URL and the specification of which methods get/set values in other processes.

0x00000FF commented 7 years ago

And the method that finds the "level" value as an int was an assumption. When I searched for the level value with CheatEngine, the 1/2/4-byte addresses (all the same) pointed to the same value.
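The two comments above describe the only piece that survives in this repository: P/Invoke (DllImport) of the Win32 memory APIs to read and write another process's memory, plus the assumption that the "level" field is a 4-byte int because CheatEngine's 1-, 2- and 4-byte scans all hit the same address. The following is an added example written for this thread, not rensenware-cut's own code. Everything specific in it is an assumption: the target process name "th12", the placeholder address 0x00400000 (the real one has to be found with CheatEngine), and the int layout of the field. It runs only on Windows, against a running target, and is easiest to use as a 32-bit build when the target is a 32-bit game.

```csharp
// Added example (not from the rensenware-cut repository).
// Reads and writes a 4-byte value in another process through DllImport of kernel32.
// Assumptions: target process name "th12", placeholder address 0x00400000,
// and that the value at that address is stored as a 32-bit int.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class ProcessMemory
{
    // Access rights required by OpenProcess for reading/writing memory.
    const uint PROCESS_VM_OPERATION = 0x0008;
    const uint PROCESS_VM_READ      = 0x0010;
    const uint PROCESS_VM_WRITE     = 0x0020;

    // https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
                                         byte[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesRead);

    // https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
                                          byte[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Read a 32-bit int at `address` in the target process; throws with the Win32 error on failure.
    public static int ReadInt32(IntPtr hProcess, IntPtr address)
    {
        var buf = new byte[4];
        if (!ReadProcessMemory(hProcess, address, buf, buf.Length, out IntPtr read) || read.ToInt64() != buf.Length)
            throw new InvalidOperationException("ReadProcessMemory failed, Win32 error " + Marshal.GetLastWin32Error());
        return BitConverter.ToInt32(buf, 0);
    }

    // Write a 32-bit int at `address` in the target process.
    public static void WriteInt32(IntPtr hProcess, IntPtr address, int value)
    {
        byte[] buf = BitConverter.GetBytes(value);
        if (!WriteProcessMemory(hProcess, address, buf, buf.Length, out IntPtr written) || written.ToInt64() != buf.Length)
            throw new InvalidOperationException("WriteProcessMemory failed, Win32 error " + Marshal.GetLastWin32Error());
    }

    // The thread's observation that 1/2/4-byte CheatEngine scans all point at the same address
    // means the three upper bytes of the int are zero, i.e. the value fits in one byte.
    public static bool FitsInOneByte(int value)
    {
        byte[] raw = BitConverter.GetBytes(value);
        return raw[1] == 0 && raw[2] == 0 && raw[3] == 0;
    }

    static void Main()
    {
        Process[] procs = Process.GetProcessesByName("th12"); // assumed target name
        if (procs.Length == 0) { Console.WriteLine("target process not running"); return; }

        IntPtr hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, procs[0].Id);
        if (hProcess == IntPtr.Zero)
            throw new InvalidOperationException("OpenProcess failed, Win32 error " + Marshal.GetLastWin32Error());
        try
        {
            IntPtr address = new IntPtr(0x00400000); // placeholder, not a real game address
            int value = ReadInt32(hProcess, address);
            Console.WriteLine($"value={value} fitsInOneByte={FitsInOneByte(value)}");

            // Writing the value back unchanged exercises the write path without altering the target.
            WriteInt32(hProcess, address, value);
        }
        finally
        {
            CloseHandle(hProcess);
        }
    }
}
```

OpenProcess fails with ERROR_ACCESS_DENIED when the target runs at a higher integrity level than the reader, so run both under the same account and elevation. Checking the byte count returned by ReadProcessMemory matters: a partial read across an unmapped page returns fewer bytes, and BitConverter would happily decode the stale buffer.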

YuugenP commented 7 years ago

This is just the whole thing without the th12.exe or the UI, right? This is already interesting on its own, but I don't see where the encryption thing is...

0x00000FF commented 7 years ago

The encryption procedure was so malicious that I cut it off. I'll give you a hint: get all logical drives, and iterate with try-catch over each directory in each drive,

because there are inaccessible directories without administrator privileges...

YuugenP commented 7 years ago

This is in C#, right? I'll try getting into that. Many thanks for the information. m( )m

0x00000FF commented 7 years ago

Yes. it is written in C#.

ToransuShoujo commented 7 years ago

Can I ask where to get the ransomware? I actually test viruses, and I love TH, so it'd be pretty neat to grab it. Any way I could? Thanks!

0x00000FF commented 7 years ago

Maybe you can get a more sophisticated ransomware from here: https://github.com/goliate/hidden-tear

0x00000FF commented 7 years ago

I uploaded the cut version of rensenWare, from which every malicious feature has been removed except the memory reading/writing logic.

ToransuShoujo commented 7 years ago

I'm actually requesting the original version, as I will be running it in a VM just to see its encryption payload and such, if at all possible.

0x00000FF commented 7 years ago

Sorry. I decided to distribute the entire source code to trustworthy people (e.g. personnel of security companies, etc.) only.

ToransuShoujo commented 7 years ago

That's fine. Thanks again! <3