EventPairs Reversing – EventPairHandle as Anti-Dbg Trick

May 6, 2009


I’ve published

EventPairs Reversing – EventPairHandle as Anti-Dbg Trick

The paper is here:


Have a nice read 🙂

Giuseppe ‘Evilcry’ Bonfa’

Qt labs released source code of Embedded Widgets Demo

March 28, 2009


Another great new from Qt, recently has been released Embedded Widgets Demo


and here the Source Code


Giuseppe Bonfa’

0ffensiveC0ding updated – Emulation/AV Awareness

March 21, 2009


Thanks to Gunther for ARTeam here we have some new Anti-Emulation open source functions, I’ve uploaded these on my OffensiveCOding section:

here a quick list of the functions:

Anti-KAV -> Call this one before WSAStartup(),so sockets wont be initialized.
Anti-NOD32 -> sse1 instruction which nod32 cannot emulate.
IsEmulator -> Timings Attack to Emulator Environement.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis.
IsNormanSandBox -> NormanSandBox Awareness.
IsSunbeltSandBox -> Sunbelt Awareness.
IsVirtualPC -> VirtualPC Awareness.
IsVMware -> VMware Awareness.
DetectVM -> Check whether it is running in VMWare, VirtualBox using registry.
IsRegMonPresent -> Checking for RegMon by checking if the driver is  loaded in memory and by searching    for the window handle.

Here the link:


See you to the next post.. 🙂

Qt – Adding External Libs to your Project

February 22, 2009


During Qt Development with Qt Creator, emerged the necessity to add more libraries to my project, at the actual state of art Qt Creator does not provides an automated/graphical system to add libraries and since is using GCC is not possible to use #pragma comment(), so we have to modify by hand some files, here how to.

Suppose that you need to add psapi library, first of all locate into project directory Makefile.Debug and Makefile.Release

Open one of the two files (depends on how you need to deploy you program) and locate

LIBS        =        -L”c:\Qt\QtCreator\qt\lib” -lmingw32 -lqtmaind -lQtGuid4 -lQtCored4

now you can easly add your lib

LIBS        =        -L”c:\Qt\QtCreator\qt\lib” -lmingw32 -lqtmaind -lQtGuid4 -lpsapi -lQtCored4

See you to the next post.. 🙂

Some handy conversion for Qt

February 21, 2009


Long time since my last post, I’m not dead only extremely busy with work! 🙂

Here a little handy collection of String Formats Conversions from/to Qt:

#ifdef UNICODE

#define QStringToTCHAR(x) (wchar_t*) x.utf16()

#define PQStringToTCHAR(x) (wchar_t*) x->utf16()

#define TCHARToQString(x) QString::fromUtf16((x))

#define TCHARToQStringN(x,y) QString::fromUtf16((x),(y))


#define QStringToTCHAR(x) x.local8Bit().constData()

#define PQStringToTCHAR(x) x->local8Bit().constData()

#define TCHARToQString(x) QString::fromLocal8Bit((x))

#define TCHARToQStringN(x,y) QString::fromLocal8Bit((x),(y))


see you to the next post.. 🙂

QtCreator at Work

February 1, 2009

Hi there,

Great news form Qt world, Qt 4.5 are going to be free LGPL, and the new editor works fine!

Here a shot of Qt Creator the Qt IDE actually only for C++ at work:


I hope that more and more ppl will switch to Qt, they are simply fantastic! more refined and advanced of MFC and .NET!

Here a link to Qt HeadQuarter:


See you to the next post.. 🙂

OffensiveC0ding section Opened

February 1, 2009

Hi there,

I’ve opened a new section in my Website, called OffensiveC0ding.

I’m going to collect Source Code Samples of Applications that performs Spy/Surveillance operations, Covert Channels Applications and various other services that needs to perform hidden tasks. The Applications that you will find here will be published without binary files, easly because the scope of this section is to demonstrate how insecure could be a not well hardened system, this kind of demonstration could be only acheived by showing how effectively works a Real OffensiveCode.

Actually there is a little source that acts as Sandbox Detector, Joe of Joebox kindly noticed me that this detection system does not longer affects JoeBox.

Here you can reach my page:


See you to the next post.. 🙂