YuugenP closed 7 years ago
lol, I'm not an expert, but I can help you, except with malicious things.
It's pretty interesting how Touhou stores its score data. Anything else you found interesting about this?
Thinking on almost the same topic, can you teach me how to get data from programs like that?
I used Windows API functions with DllImport. I added comments with the URL and specification for the methods that get/set values of other processes.
And the method that reads the "level" value as an int was an assumption. When I searched for the level value with CheatEngine, the 1/2/4-byte addresses (and they're all the same) pointed to the same value.
This is just the whole thing without the th12.exe or the UI, right? This is already interesting on its own, but I don't see where the encryption thing is...
The encryption procedure was so malicious, so I cut it off. I'll give you a hint: get all logical drives, and iterate with try-catch over each directory in each drive,
because there are inaccessible directories without administrator privileges...
This is in C#, right? I'll try getting into that. Many thanks for the information. m( )m
Yes, it is written in C#.
Can I ask where to get the ransomware? I actually test viruses, and I love TH, so it'd be pretty neat to grab it. Any way I could? Thanks!
Maybe you can get a more sophisticated version of ransomware from here: https://github.com/goliate/hidden-tear
I uploaded the cut version of rensenWare, which has every malicious feature removed except the memory reading/writing logic.
I'm actually requesting the original version, as I will be running it in a VM just to see its encryption payload and such, if at all possible.
Sorry. I decided to distribute the entire source code to trustworthy persons (e.g. personnel of a security company, etc.) only.
That's fine. Thanks again! <3
Also, can you teach me more about this kind of stuff? I indeed wanted to learn from an experienced programmer like you.