dap and loads of crap!!

Using process monitor from sysinternals [MS - property currently ] I found that dap checks specific registry key for its downloading file ,so here is what you can do to backup a dap file [DAP 8 was used in this article] :

-Go to registry editor [run->regedit] and find this key [HKEY_CURRENT_USER\Software\SpeedBit\Download Accelerator\FileList\] here you can find various CLSID key names relevant for every file on download list, each one contains a variety of important information regarding downloading segments ,current downloaded size,file size,file URL address...etc try to find the CLSID relevant to your downaloding file that you want to backup ,by looking for either [Item_ShortFilename] or [Item_MainURL] values [they are string values] ,and then right click on that CLSID key and hit export ,to be saved as .reg ext file .

-Go to your downloading directory [for e.g: My Documents\My Completed Downloads\] and find the name of [wanted to be backuped] with .dap extension copy it [backup it] but you have to remember the exact name of the original file.

And now if anything happened with dap and removed your downloading in progress file you can return the download in progess from the point where you backuped tha file by :

-Shutting down dap

-Copying the file with its authentic name that with .dap extension to the dap downloading folder

-Execute the .reg file you created and by that restoring all information regarding download file

-Run dap again ..

And you will see the downloading in progress file that you wanted to protect from ev0l dap :lol:

I tested the above while downloading a movie file,so I dont know if it will corrupt a binary file ,zip,rar ,etc.. files .To be on the safe side I recommend to follow the steps as above ,that you create the .reg before backuping the .dap file ,so as not to mess up with segments progressing download point.

-------------------------------------------------
There is a story behind it -- ;)

Smilar pages

code snippet-1

call @f
db "hello!! marhaba :) ",0
@@:
invoke MessageBox,0,[esp+8],0,0
pop eax
ret

Smilar pages

SEH the proper way

SEH[Structured Exception Handling] it is a routine to carry out handling errors in our program rather than the system ,take windows for example it is by default shows an error message when ever your program tries to read from non-accessable memory ,do int 3 ...etc for more informations [see wikipedia or Microsoft System Journal]
I always did the following inorder to setup SEH :

assume fs:nothing
push offset handle_errors ;our procedure in handling errors
push fs:[0]
mov fs:[0],esp
int 3 ;inorder to raise the exception

handle_errors:
invoke ExitProcess,0


but what was bothering me is that I didnt know how return the old registers values back especially esp. Then I found out that SEH procedure takes parameters [thanx to y0da for this info] as this:

SehHandler PROC pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD

so from that I fgured out that after SEH is completed and our SEH procedure is launched system will give us an important pointer which is a pointer to Context structure !!
since I didnt like the PROC method ,and like labels method :) I did this inorder to get esp back!!

assume fs:nothing
push offset handle_errors
push fs:[0]
mov fs:[0],esp
int 3

handle_errors:
mov eax,[esp+12] ;3 x 4bytes !! fugure out why :)
mov eax,dword ptr [eax+184+12] ;184 will point to eip and the +12 will point to esp!!
mov esp,eax
pop fs:[0]
pop eax ;now esp is restored :D

ofcourse you can use the following

assume eax:PTR CONTEXT ;CONTEXT STRUCT is defined in windows.inc in masm32 package
mov eax,[esp+12]
mov esp,[eax].regEsp
pop fs:[0]
pop eax ;and we have the esp back !


thats all

Smilar pages

Messing up with YIM

Months ago someone asked me that if the login picture(animated one) of Yahoo Instant Messenger changeable or not ,that time I was not interested indeed ,I thought it is something to do with yahoo binaries or something like that, today I was messing up with yahoo trying to see what is all that buzz about it especially in tmy country see some of yahoo messenger tools that someone interested to build www.zaidrix.com .

So lets get down with the bissiness inorder to change yahoo login picture simply go to yahoo messenger directory
in my pc:
C:\Program Files\Yahoo!\Messengerand backup the login.swf ,and then put any picture of yours like .jpg,.bmp,.gif ,or .swf that you made and rename that file to login.swf ,of course not to mention to shut off yahoo messenger first .

Now Launch the messenger and there should be a picture you have chosen displayed .
[The above tested on yahoo messenger 7]

Smilar pages

Twisted way to loop!!

Hey there ,
Today I was messing around with esp (again) and found a funny way to create an infinite loop :)

call @f
@@:
sub dword ptr [esp],5 ;where call @f takes five bytes!
invoke Sleep,1000
ret

Of course an infinite loop could be something like this :

@@:
invoke Sleep,1000
jmp @b

I put the Sleep() so as not to consume 100% cpu resources ,so you can simply ommit it, any other thoughts and code snippets I would be glad to see placed comments

*The above code snippets was tested on masm32
-------------------------------------------------------------------
[Note: The @f will point to the next @@ ,and @b will point to the previous @@]

Smilar pages