Sothink AoB finder
-migrated-
Sothink AoB finder Posted on: 11/13/2010 9:37am
Quote Post
This program generates the AoB from the raw data put in it.
works perfectly with a copy & paste from sothink

[attachment=0:mtqzhsak]S0th1nk C0d3 F1nd3r.rar[/attachment:mtqzhsak]

Update Log:
Code: [Select]
Version 1.00 - first release
Version 1.10 - fixed the space bug and included
Version 1.15 fixed the bug on the other textbox (silly me :D)

for example, if you put in
Code: [Select]
//d0
_as3_getlocal <0>
//66 bd 08
_as3_getproperty _root
//62 05
_as3_getlocal <5>
//66 af 01
_as3_getproperty x
//62 05
_as3_getlocal <5>
//66 b0 01
_as3_getproperty y
//24 64
_as3_pushbyte 100

it would give you
Code: [Select]
d0 66 bd 08 62 05 66 af 01 62 05 66 b0 01 24 64
Virus Scan:
original: http://www.virustotal.com/file-scan/report.html?id=08834af8b355215f61aeb530f43bc208b78a119039dfd2061f92693e4ce031a2-1289640776
File name:
S0th1nk C0d3 F1nd3r.exe
Submission date:
2010-11-13 09:32:56 (UTC)
Current status:
queued queued (#3) analysing finished
Result:
0/ 41 (0.0%)
   
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3   2010.11.13.00   2010.11.12   -
AntiVir   7.10.13.235   2010.11.12   -
Antiy-AVL   2.0.3.7   2010.11.13   -
Authentium   5.2.0.5   2010.11.13   -
Avast   4.8.1351.0   2010.11.12   -
Avast5   5.0.594.0   2010.11.12   -
AVG   9.0.0.851   2010.11.12   -
BitDefender   7.2   2010.11.13   -
CAT-QuickHeal   11.00   2010.11.09   -
ClamAV   0.96.4.0   2010.11.13   -
Comodo   6703   2010.11.13   -
DrWeb   5.0.2.03300   2010.11.13   -
eSafe   7.0.17.0   2010.11.11   -
eTrust-Vet   36.1.7973   2010.11.13   -
F-Prot   4.6.2.117   2010.11.13   -
F-Secure   9.0.16160.0   2010.11.13   -
Fortinet   4.2.249.0   2010.11.12   -
GData   21   2010.11.13   -
Ikarus   T3.1.1.90.0   2010.11.13   -
Jiangmin   13.0.900   2010.11.13   -
K7AntiVirus   9.67.2973   2010.11.12   -
McAfee   5.400.0.1158   2010.11.13   -
McAfee-GW-Edition   2010.1C   2010.11.12   -
Microsoft   1.6301   2010.11.13   -
NOD32   5616   2010.11.13   -
Norman   6.06.10   2010.11.12   -
nProtect   2010-11-13.01   2010.11.13   -
Panda   10.0.2.7   2010.11.12   -
PCTools   7.0.3.5   2010.11.13   -
Prevx   3.0   2010.11.13   -
Rising   22.73.03.06   2010.11.12   -
Sophos   4.59.0   2010.11.13   -
Sunbelt   7296   2010.11.13   -
SUPERAntiSpyware   4.40.0.1006   2010.11.13   -
Symantec   20101.2.0.161   2010.11.13   -
TheHacker   6.7.0.1.083   2010.11.13   -
TrendMicro   9.120.0.1004   2010.11.13   -
TrendMicro-HouseCall   9.120.0.1004   2010.11.13   -
VBA32   3.12.14.2   2010.11.12   -
ViRobot   2010.11.13.4145   2010.11.13   -
VirusBuster   12.75.1.0   2010.11.12   -
Additional information
Show all
MD5   : 9cc092b7f0175f77c69c7367e10c4399
SHA1  : 1727a74169845c75cee3d4fd6ed7744b2e046e20
SHA256: 08834af8b355215f61aeb530f43bc208b78a119039dfd2061f92693e4ce031a2

please give feedback!  (broken image removed)

Version 1.00 :[attachment=2:mtqzhsak]S0th1nk C0d3 F1nd3r.rar[/attachment:mtqzhsak]
Version 1.10 :[attachment=1:mtqzhsak]S0th1nk C0d3 F1nd3r.rar[/attachment:mtqzhsak]
Re: Sothink AoB finder Posted on: 11/13/2010 9:46am
Quote Post
TIM the Enchanter
Level: 1
ADR Info
You again...




Everything's coming up KongHack!

"When you know nothing matters, the universe is yours" ~Rick Sanchez

Re: Sothink AoB finder Posted on: 11/13/2010 9:52am
Quote Post
Quote from: "The Ignorant Masses"
You again...

yes...
sorry about last time but this time i am trying to help!
Re: Sothink AoB finder Posted on: 11/13/2010 9:54am
Quote Post
make it have a 3rd and 4th textbox

3rd textbox takes as input a string AoBTitle
4th textbox displays as output
Code: [Select]
[b]AoBTitle[/b]
AoB Search Val
AoB Replace Val

this way you can direct c&p to the board without needing to do anything. and its only one cp
Re: Sothink AoB finder Posted on: 11/13/2010 10:26am
Quote Post
Quote from: "satanicgurrl"
make it have a 3rd and 4th textbox

3rd textbox takes as input a string AoBTitle
4th textbox displays as output
Code: [Select]
[b]AoBTitle[/b]
AoB Search Val
AoB Replace Val

this way you can direct c&p to the board without needing to do anything. and its only one cp
nice idea!
working on it!
Re: Sothink AoB finder Posted on: 11/13/2010 10:40am
Quote Post
System Bot
Actually, if you put in:
Code: [Select]
   //d0
    _as3_getlocal <0>
    //66 bd 08
    _as3_getproperty _root
    //62 05
    _as3_getlocal <5>
    //66 af 01
    _as3_getproperty x
    //62 05
    _as3_getlocal <5>
    //66 b0 01
    _as3_getproperty y
    //24 64
    _as3_pushbyte 100

It gives you out:
Code: [Select]
 //d0  //66 bd 08  //62 05  //66 af 01  //62 05  //66 b0 01  //24 64

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Sothink AoB finder Posted on: 11/13/2010 10:44am
Quote Post
Quote from: "phreneticus"
Actually, if you put in:
Code: [Select]
   //d0
    _as3_getlocal <0>
    //66 bd 08
    _as3_getproperty _root
    //62 05
    _as3_getlocal <5>
    //66 af 01
    _as3_getproperty x
    //62 05
    _as3_getlocal <5>
    //66 b0 01
    _as3_getproperty y
    //24 64
    _as3_pushbyte 100


It gives you out:
Code: [Select]
 //d0  //66 bd 08  //62 05  //66 af 01  //62 05  //66 b0 01  //24 64

yeah - i'll have to fix the space bug - working on it XD
Re: Sothink AoB finder Posted on: 11/13/2010 10:52am
Quote Post
System Bot
Quote from: "hitandrun160"
yeah - i'll have to fix the space bug - working on it XD
There also shouldn't be any of these "//".

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Sothink AoB finder Posted on: 11/13/2010 12:46pm
Quote Post
I think hes not using regex
Code: [Select]
//(([a-zA-Zd]{2}s*)+) just off the top of my head ....capture group 1 will be the whole match, capture group 2 will be the last byte in the line,
Re: Sothink AoB finder Posted on: 11/13/2010 6:43pm
Quote Post
updated with the space bug fixed and including the idea from sataniccgurll
Re: Sothink AoB finder Posted on: 11/13/2010 6:49pm
Quote Post
System Bot
Quote from: "hitandrun160"
updated with the space bug fixed and including the idea from sataniccgurll
Thanks mate, it's quite useful for long AoBs. Karma for you! (broken image removed)

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Sothink AoB finder Posted on: 11/13/2010 9:47pm
Quote Post
just a trival problem but
in the second window i see
Code: [Select]
d066 bd 0862 0566 af 0162 0566 b0 0124 64as output for
Code: [Select]
   //d0
    _as3_getlocal <0>
    //66 bd 08
    _as3_getproperty _root
    //62 05
    _as3_getlocal <5>
    //66 af 01
    _as3_getproperty x
    //62 05
    _as3_getlocal <5>
    //66 b0 01
    _as3_getproperty y
    //24 64
    _as3_pushbyte 100

anyways this is def usefuls man, but for the issue above. also if you could add bbcode to the title oh and a copy to clipboard button.
ETA: even better would be copy to clipboard when you click the box.
Re: Sothink AoB finder Posted on: 11/14/2010 12:48am
Quote Post
System Bot
Quote from: "satanicgurrl"
just a trival problem but
in the second window i see
Code: [Select]
d066 bd 0862 0566 af 0162 0566 b0 0124 64as output for
Code: [Select]
   //d0
    _as3_getlocal <0>
    //66 bd 08
    _as3_getproperty _root
    //62 05
    _as3_getlocal <5>
    //66 af 01
    _as3_getproperty x
    //62 05
    _as3_getlocal <5>
    //66 b0 01
    _as3_getproperty y
    //24 64
    _as3_pushbyte 100
You have to remove the spaces on the left.

This post was imported from an account that no longer exists!
Previous Name: phreneticus
Re: Sothink AoB finder Posted on: 11/14/2010 9:07am
Quote Post
Quote from: "satanicgurrl"
just a trival problem but
in the second window i see
Code: [Select]
d066 bd 0862 0566 af 0162 0566 b0 0124 64as output for
Code: [Select]
   //d0
    _as3_getlocal <0>
    //66 bd 08
    _as3_getproperty _root
    //62 05
    _as3_getlocal <5>
    //66 af 01
    _as3_getproperty x
    //62 05
    _as3_getlocal <5>
    //66 b0 01
    _as3_getproperty y
    //24 64
    _as3_pushbyte 100

anyways this is def usefuls man, but for the issue above. also if you could add bbcode to the title oh and a copy to clipboard button.
ETA: even better would be copy to clipboard when you click the box.

I will look into those ideas

and will try to fix the bug (broken image removed)
was it in the replace part? if so i might have missed something out there that i put in the other one

(lol, all these bugs only happen with raw data from the AS2 script XD)

EDIT:
Bug fixed - working on te improvements
Re: Sothink AoB finder Posted on: 11/23/2010 2:22am
Quote Post
well I hope you dont think I am stepping on your toes or anything, but I went ahead and made a knockoff with some of the features I had wanted.

added optional highlighting to help distinguish the hex from the pcode.
added optional BBCode
added a copy to clipboard button
added "NOP selection" to edit pane's context menu


http://www.forceprojectx.co.cc/services/rawdata

[spoiler=screenshot:9ua3ur1y](broken image removed)