Thread: Trying to understand some things from tinba


  1. #1
    Myrsire

    Trying to understand some things from tinba

    So first off, I'm not the best at masm, and I am still learning a lot about it. I was taking a look back at how tinba hides its registry values, and some things are baffling me here.

    Code:
    ; Hide Value (replace by next)
    	inc p2			; Next dwIndex
    	inc nHdnCount	; Increase counter (for delta)
    	popad
    	jmp @RealRegEnumValue

    So what I think is going on here is that it's taking the dwIndex of the next item in the registry, popading it onto a register, and then putting that index in place of the old index in the registry, thus hiding it? A little bit of insight here would greatly help my skid mind out a bit.

    BRB, PARTYVAN IS HERE.
  2. #2
    4nxiety

    If I can see the entire chain, I could tell you.


    See ya in the partyvan.
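
The index-skipping that the fragment's comments describe ("Next dwIndex", "Increase counter (for delta)"), modeled in Python together with a cross-view check a defender can use to spot it. This is an added example, not code from the thread or from Tinba; the value names, the `FilteredEnum` class, the reset at index 0 and the way the counter is applied as a delta are assumptions made for illustration.

```python
# Added illustration (not from the thread, not Tinba code): an index-based
# enumerator, a filter in front of it, and a defender's cross-view check.

# Constructed sample data: value names as a trusted view would list them
# (assumption: obtained out of band, e.g. by parsing the hive file offline).
TRUSTED_VIEW = ["Updater", "EXAMPLE-HIDDEN", "OneDrive", "SecurityHealth"]
HIDDEN = {"EXAMPLE-HIDDEN"}  # hypothetical name the filter suppresses


def real_enum_value(values, index):
    """Stand-in for the unfiltered enumerator: name at index, or None at end."""
    return values[index] if 0 <= index < len(values) else None


class FilteredEnum:
    """Hypothetical model of the fragment's comments: on a hidden value,
    move to the next index and count the skip so later indexes are shifted."""

    def __init__(self, values, hidden):
        self.values, self.hidden = values, hidden
        self.hidden_count = 0  # plays the role of nHdnCount

    def enum_value(self, index):
        if index == 0:
            self.hidden_count = 0  # assumption: a new walk resets the delta
        shifted = index + self.hidden_count  # assumption: delta applied here
        name = real_enum_value(self.values, shifted)
        while name is not None and name in self.hidden:
            shifted += 1  # "Next dwIndex"
            self.hidden_count += 1  # "Increase counter (for delta)"
            name = real_enum_value(self.values, shifted)
        return name


def walk(enum_value):
    """Enumerate the way a normal caller does: index 0, 1, 2, ... until end."""
    names, index = [], 0
    while (name := enum_value(index)) is not None:
        names.append(name)
        index += 1
    return names


def cross_view(api_names, trusted_names):
    """Names the trusted view has but the API view never returned."""
    seen = set(api_names)
    return [n for n in trusted_names if n not in seen]


if __name__ == "__main__":
    api_view = walk(FilteredEnum(TRUSTED_VIEW, HIDDEN).enum_value)
    print("API view:    ", api_view)
    print("Hidden names:", cross_view(api_view, TRUSTED_VIEW))
```

The caller sees a gap-free list that is simply one entry shorter, which is why the check compares against a second source rather than looking for an anomaly in the enumeration itself.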
