#StackBounty: #c# #asp.net #webforms #signalr Signalr hubs 404 not found

Bounty: 150

I’m trying to integrate Signalr into my web form project.

First, added the references using nugget

  • Microsoft.AspNet.SignalR.Client;
  • Microsoft.AspNet.SignalR.Core;
  • Microsoft.AspNet.SignalR.System.Web;
  • Microsoft.Owin;
  • Microsoft.Owin.Host.SystemWeb;
  • Microsoft.Owin.Security;
  • Owin

My startup class:

[assembly: OwinStartup(typeof(ns.App_Code.Startup))]
namespace ns 
 public class Startup
        public void Configuration(IAppBuilder app)

My hub:

public class PositionHub : Hub
    static ConcurrentDictionary<int, List<string>> connectedUsers = new ConcurrentDictionary<int, List<string>>();

    public override Task OnConnected()

        return base.OnConnected();


Finally, the client-side:


        $(function() {

            var logger = $.connection.positionHub;



Also, added to web.config the following:

<add key="owin:AutomaticAppStartup" value="true" /> 


    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" />

When I run the app it gives the 404 error:
GET http://localhost:41363/signalr/hubs 404 (Not Found)

This is not my first time using signalr, but it is the first time I have this issue, and been struggling for hours to solve it, with no luck…

Get this bounty!!!

#StackBounty: #c# #firebase #unity3d #firebase-database How to join results on a firebase query the right way

Bounty: 50

I am using Firebase real-time database for my app build with Unity. In order to build a “friend” leaderboard, the database will keep track of users their friends and their scores.

The database has the following structure:

user id : score
    Id: {
        friendlist : {
             multiple friends user ids

The problem is in order to get the scores and the names of every friend the app has to make alot of api calls. Atleast if I correctly understand firebase. If the user has 10 friends it will take 21 calls before the leaderboard is filled.

I came up with the following code written in c#:

List<UserScore> leaderBoard = new List<UserScore>();
db.Child("users").Child(uid).Child("friendList").GetValueAsync().ContinueWith(task => {
    if (task.IsCompleted)
        //foreach friend
        foreach(DataSnapshot h in task.Result.Children)
            string curName ="";
            int curScore = 0;
            //get his name in the user table
            db.Child("users").Child(h.Key).GetValueAsync().ContinueWith(t => {
                if (t.IsCompleted)
                    DataSnapshot s = t.Result;
                    curName = s.Child("name").Value.ToString();
                    //get his score from the scores table
                    db.Child("scores").Child(h.Key).GetValueAsync().ContinueWith(q => {
                        if (q.IsCompleted)
                            DataSnapshot b = q.Result;
                            curScore = int.Parse(b.Value.ToString());
                            //make new userscore and add to leaderboard
                            leaderBoard.Add(new UserScore(curName, curScore));

Is there any other way to do this? I’ve read multiple stack overflow questions watched firebase tutorials but i didnt found any simpler or more efficient way to get the job done.

Get this bounty!!!

#StackBounty: #c# #web-services #authentication #password-encryption "Safely" store (on client side) tokens for reuse?

Bounty: 50

I’m trying to create a desktop application that will send updates to a web-service I am developing.

Ideally, the application would be configured only once and deployed to a network share. When configuring the application, the user will enter a password that is used to authenticate within the web-service. After that, a token will be created to be used on future connections.

This would allow any computer with access to the network share to just run the application (which will connect to the web-service) without entering any credentials (because the token has been saved).

Question is: How should I protect this token?

  • I know that storing it client-side will never be completely secure, but I want to make it as hard as possible for someone to gain access to the plaintext token.
  • I’m looking for an answer that, preferably, does not depend on any operational-system resource (since the application can be executed from different devices).
  • Assume I have full control over the application and the web-server
  • I’m developing the console application using C#, but I believe this to be more of a theoretical question (not tied to any specific language)

Here are a few things I’ve tried/thought about:

  • Serializing the token using something like C#’s SecureString and storing it on a file: it’s the best I’ve come with. But obviously, very trivial to reverse if someone gains access to the key file.

  • This answer suggests to use the Windows Data Protection API (DPAPI) (in C#, the ProtectedData class), but apparently, this would allow only the user who initially saved the credentials to access them, which would not work because I have to access the protected data from multiple users/devices.

  • Pass the token as a parameter to the application: this just changes where I’m going to store the token (on a batch file or OS task that calls the program, for example), but I don’t think it makes it any more secure.

Get this bounty!!!

#StackBounty: #open-source #library #software-development #c# #asp.net Auditing and versioning through Entity Framework

Bounty: 50

Auditing and versioning database transactions is an important thing to track What’s the sequence of actions? Who made these actions? and How to rollback to the previous state?

A long time ago, we used ADO.NET to interact with our databases (Informix, Sql Server, Oracle) and we audit the transaction through the database itself.

Now we use Entity Framework 6 to interact with the databases, and we want to keep track of the transactions.

I googled about auditing and versioning through Entity Framework and have found many APIs and articles concerning how to implement them but I feel confused about stability and extensible.

My main requirements :

  • Auditing & Versioning the main operations (INSERT, UPDATE, DELETE).
  • Works With Code First & DB First (EDMX) .
  • Can audit (Oracle, SQL Server) DBMS.
  • Can Include and Exclude entities.
  • Can audit a DB Graph.

Some search results I have found:

Get this bounty!!!

#StackBounty: #windows #c++ Kite alternative for c++

Bounty: 50

Kite is a cloud-powered copilot that boosts your programming

It shows:

  1. Smart completions
  2. Popular patterns
  3. Code examples
  4. Documentation

But unfortunately, it is available only for python.

Is there any such extension for Visual Studio Code that supports C++ ?

I am mainly interested in seeing the Documentation of a function when I hover on it.

Thanks and regards.

Get this bounty!!!

#StackBounty: #c# #winforms Change the TextBox highlight color when a user selects text?

Bounty: 50

I’ve been looking for the way to change the textbox highlight color when a user select text. Windows uses blue as default color. For example, on Microsoft Outlook, when you write a mail and select (highlight) text, the back color is gray.

Selected text in Outlook

TextBox selected text by user

Everybody said that I need to override onPaint method but i don’t know how exactly to do that. The RichTextbox selectedbackground color is not the solution because it changes the color for the text, not when the user selects it.

Get this bounty!!!

#StackBounty: #c++ #collision-detection #separating-axis-theorem Getting false positives with SAT

Bounty: 50

I’ve been trying to get proper collision detection with SAT in 3D. I started of with this post: How many and which axes to use for 3D OBB collision with SAT.

I’ve been trying to get the right axis to test, which I thought would be correct, but they are still giving me false positives. All actual collision seem to work.

What I try is the following:

  • Get the model for the objects in my game.
  • Get the corners for the objects
  • Adjust these corners to my object’s location
  • Get the axis
  • Check for overlap when projecting the corners on these axis

When positioning the object in this way:

enter image description here

Then I get a false positive. (Although these are axis aligned, they should be able to rotate)

I’ve been stuck on this for quit a while now, so I feel like I’m missing something I just can’t find. Also if this approach is an overkill and there is a better way, please also let me know.

I hate to just go like here’s my code, but breaking it up in pieces will probably make it more confusing, so.. here’s my code:

#define NOMINMAX

#include "../../stdafx.h"
#include "CollisionSystem.h"
#include "../../Core/MovingGameObject.h"
#include "../Objects/StaticObjects/Skull.h"
#include "../Objects/StaticObjects/Primitives/Plane.h"
#include <limits>
#include <cmath>

using namespace DirectX;

namespace JurreGame {


    void CollisionSystem::CheckCollisionBetween(GameObject* objectA, GameObject* objectB)
        XMFLOAT4X4 modelA = objectA->GetModel();
        XMMATRIX modelAMatrix = XMLoadFloat4x4(&modelA);
        XMMATRIX invModel = XMMatrixInverse(&XMMatrixDeterminant(modelAMatrix), modelAMatrix);
        XMFLOAT4X4 invModel4x4;
        XMStoreFloat4x4(&invModel4x4, invModel);
        XMMATRIX modelBMatrix = XMLoadFloat4x4(&objectB->GetModel());
        XMMATRIX aAlignedObjectBModel = XMMatrixMultiply(invModel, modelBMatrix);

        /* Corners positions
            x y z
        0 = - - +
        1 = + - +
        2 = + + +
        3 = - + +
        4 = - - -
        5 = + - -
        6 = + + -
        7 = - + -

        axis for the planes are:
        X Axis => (3) - + + vs + + + (2)
        Y Axis => (3) - + + vs - - + (0)
        Z Axis => (3) - + + vs - + - (7)

        // https://gamedev.stackexchange.com/questions/44500/how-many-and-which-axis-to-use-for-3d-obb-collision-with-sat

        // Get's the corners calculated for the extends.
        XMFLOAT3 objectACorners[8];
        XMFLOAT3 objectBCorners[8];

        // translates them to world space
        for (int i = 0; i < 8; i++) {
            XMStoreFloat3(&objectACorners[i], XMVector3Transform(XMLoadFloat3(&objectACorners[i]), modelAMatrix));
            XMStoreFloat3(&objectBCorners[i], XMVector3Transform(XMLoadFloat3(&objectBCorners[i]), modelBMatrix));

        XMVECTOR ObjectAaxis1 = XMVectorSubtract(XMLoadFloat3(&objectACorners[2]), XMLoadFloat3(&objectACorners[3]));
        XMVECTOR ObjectAaxis2 = XMVectorSubtract(XMLoadFloat3(&objectACorners[3]), XMLoadFloat3(&objectACorners[0]));
        XMVECTOR ObjectAaxis3 = XMVectorSubtract(XMLoadFloat3(&objectACorners[3]), XMLoadFloat3(&objectACorners[7]));

        XMVECTOR ObjectBaxis1 = XMVectorSubtract(XMLoadFloat3(&objectBCorners[2]), XMLoadFloat3(&objectBCorners[3]));
        XMVECTOR ObjectBaxis2 = XMVectorSubtract(XMLoadFloat3(&objectBCorners[3]), XMLoadFloat3(&objectBCorners[0]));
        XMVECTOR ObjectBaxis3 = XMVectorSubtract(XMLoadFloat3(&objectBCorners[3]), XMLoadFloat3(&objectBCorners[7]));

        XMVECTOR crossaxis1 = XMVector3Cross(ObjectAaxis1, ObjectBaxis1);
        XMVECTOR crossaxis2 = XMVector3Cross(ObjectAaxis1, ObjectBaxis2);
        XMVECTOR crossaxis3 = XMVector3Cross(ObjectAaxis1, ObjectBaxis3);
        XMVECTOR crossaxis4 = XMVector3Cross(ObjectAaxis2, ObjectBaxis1);
        XMVECTOR crossaxis5 = XMVector3Cross(ObjectAaxis2, ObjectBaxis2);
        XMVECTOR crossaxis6 = XMVector3Cross(ObjectAaxis2, ObjectBaxis3);
        XMVECTOR crossaxis7 = XMVector3Cross(ObjectAaxis3, ObjectBaxis1);
        XMVECTOR crossaxis8 = XMVector3Cross(ObjectAaxis3, ObjectBaxis2);
        XMVECTOR crossaxis9 = XMVector3Cross(ObjectAaxis3, ObjectBaxis3);


        if (HasOverlap(objectACorners, objectBCorners, ObjectAaxis1)) { OutputDebugString(L"Has overlap on ObjectAaxis1n"); }
        if (HasOverlap(objectACorners, objectBCorners, ObjectAaxis2)) { OutputDebugString(L"Has overlap on ObjectAaxis2n"); }
        if (HasOverlap(objectACorners, objectBCorners, ObjectAaxis3)) { OutputDebugString(L"Has overlap on ObjectAaxis3n"); }
        if (HasOverlap(objectACorners, objectBCorners, ObjectBaxis1)) { OutputDebugString(L"Has overlap on ObjectBaxis1n"); }
        if (HasOverlap(objectACorners, objectBCorners, ObjectBaxis2)) { OutputDebugString(L"Has overlap on ObjectBaxis2n"); }
        if (HasOverlap(objectACorners, objectBCorners, ObjectBaxis3)) { OutputDebugString(L"Has overlap on ObjectBaxis3n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis1))   { OutputDebugString(L"Has overlap on crossaxis1n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis2))   { OutputDebugString(L"Has overlap on crossaxis2n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis3))   { OutputDebugString(L"Has overlap on crossaxis3n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis4))   { OutputDebugString(L"Has overlap on crossaxis4n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis5))   { OutputDebugString(L"Has overlap on crossaxis5n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis6))   { OutputDebugString(L"Has overlap on crossaxis6n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis7))   { OutputDebugString(L"Has overlap on crossaxis7n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis8))   { OutputDebugString(L"Has overlap on crossaxis8n"); }
        if (HasOverlap(objectACorners, objectBCorners, crossaxis9))   { OutputDebugString(L"Has overlap on crossaxis9n"); }

        if (!HasOverlap(objectACorners, objectBCorners, ObjectAaxis1)) { OutputDebugString(L"No overlap on ObjectAaxis1n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, ObjectAaxis2)) { OutputDebugString(L"No overlap on ObjectAaxis2n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, ObjectAaxis3)) { OutputDebugString(L"No overlap on ObjectAaxis3n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, ObjectBaxis1)) { OutputDebugString(L"No overlap on ObjectBaxis1n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, ObjectBaxis2)) { OutputDebugString(L"No overlap on ObjectBaxis2n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, ObjectBaxis3)) { OutputDebugString(L"No overlap on ObjectBaxis3n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis1))   { OutputDebugString(L"No overlap on crossaxis1n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis2))   { OutputDebugString(L"No overlap on crossaxis2n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis3))   { OutputDebugString(L"No overlap on crossaxis3n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis4))   { OutputDebugString(L"No overlap on crossaxis4n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis5))   { OutputDebugString(L"No overlap on crossaxis5n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis6))   { OutputDebugString(L"No overlap on crossaxis6n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis7))   { OutputDebugString(L"No overlap on crossaxis7n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis8))   { OutputDebugString(L"No overlap on crossaxis8n"); }
        else if (!HasOverlap(objectACorners, objectBCorners, crossaxis9))   { OutputDebugString(L"No overlap on crossaxis9n"); }
        else {
            OutputDebugString(L"Has collisionn");

    bool CollisionSystem::HasOverlap(XMFLOAT3 objectACorners[], XMFLOAT3 objectBCorners[], XMVECTOR axis) {
        float minA = std::numeric_limits<float>::max(), maxA = std::numeric_limits<float>::lowest();
        float minB = std::numeric_limits<float>::max(), maxB = std::numeric_limits<float>::lowest();
        if (XMVectorGetX(XMVector3Length(axis)) == 0.0f) {
            return true;

        for (int i = 0; i < 8; i++) {
            //XMVECTOR cornerA = ProjectPoint(XMLoadFloat3(&objectACorners[i]), axis);
            //float lengthA = XMVectorGetX(XMVector3Length(cornerA));
            XMVECTOR dotProductA = XMVector3Dot(XMLoadFloat3(&objectACorners[i]), axis);
            float lengthA = XMVectorGetX(XMVector3Length(dotProductA));

            minA = fmin(minA, lengthA);
            maxA = fmax(maxA, lengthA);

            // XMVECTOR cornerB = ProjectPoint(XMLoadFloat3(&objectBCorners[i]), axis);
            // float lengthB = XMVectorGetX(XMVector3Length(cornerB));
            XMVECTOR dotProductB = XMVector3Dot(XMLoadFloat3(&objectBCorners[i]), axis);
            float lengthB = XMVectorGetX(XMVector3Length(dotProductB));

            minB = fmin(minB, lengthB);
            maxB = fmax(maxB, lengthB);

        float longSpan = fmax(maxA, maxB) - fmin(minA, minB);
        float sumSpan = maxA - minA + maxB - minB;
        return longSpan < sumSpan;

        //return minB <= maxA && maxB >= minA;

    XMVECTOR CollisionSystem::ProjectPoint(XMVECTOR point, XMVECTOR axis)
        return (XMVector3Dot(point, axis) / XMVector3Dot(axis, axis)) * axis;

Get this bounty!!!

#StackBounty: #c# #wpf How do I assign a global initialized event?

Bounty: 50

I’ve got this code in my App.xaml.cs:

protected override void OnStartup(StartupEventArgs e)
    EventManager.RegisterClassHandler(typeof(TextBox), TextBox.TextChangedEvent, new RoutedEventHandler(TextBox_TextChangedEvent));
private void TextBox_TextChangedEvent(object sender, RoutedEventArgs e)
    // Works

I would like to do something similar for the InitializedEvent.
Here’s my failed attempt:

protected override void OnStartup(StartupEventArgs e)
    EventManager.RegisterClassHandler(typeof(FrameworkElement), FrameworkElement.InitializedEvent, new EventHandler(FrameworkElement_InitializedEvent));
private void FrameworkElement_InitializedEvent(object sender, EventArgs e)


Is the InitializedEvent somewhere else?
Is this even possible?

I’ve tried using the LoadedEvent:

protected override void OnStartup(StartupEventArgs e)
    EventManager.RegisterClassHandler(typeof(FrameworkElement), FrameworkElement.LoadedEvent, new RoutedEventHandler(FrameworkElement_LoadedEvent));
private void FrameworkElement_LoadedEvent(object sender, RoutedEventArgs e)
    // Fires only for Windows

It only fired for Windows and not the controls inside the Windows. I did realize though; that when I added a loaded event to a Label that I had inside my Window; the global FrameworkElement_LoadedEvent fired for that Label even though my normal loaded event (That I made for the Label specifically) was empty. I’ve also tried these:

EventManager.RegisterClassHandler(typeof(Button), Button.LoadedEvent, new RoutedEventHandler(Button_LoadedEvent));
EventManager.RegisterClassHandler(typeof(Grid), Grid.LoadedEvent, new RoutedEventHandler(Grid_LoadedEvent));
EventManager.RegisterClassHandler(typeof(DataGrid), DataGrid.LoadedEvent, new RoutedEventHandler(DataGrid_LoadedEvent));

But they don’t fire unless I add another empty loaded event on those controls specifically.

My goal is to build up a sort of a time log of every control that becomes initialized.

How can I achieve this without adding loaded events on every single control I have?

(I have a lot)

Get this bounty!!!

#StackBounty: #c# #botframework #speech-to-text #microsoft-cognitive #bing-speech Bing Speech API integrated with Microsofts BotFramework

Bounty: 100

I figured I’d set this one out with as much detail as possible, hopefully someone out there has some experience with this kind of set-up.

Front-end: ASP.Net MVC Razer website.

  • .Net Framework 4.6.1

Back-end: Bot-framework Web API (RESTful).

  • .Net Framework 4.6

Back-Back-end: I use various Azure located cognitive services but in this case it’s just the Bing Speech API.

Relevant SDKs:

  • Microsoft.Bing.Speech (Version: 2.0.2)
    • Bond.Core.CSharp (Version: 8.0.0) ~ dependancy
    • Bond.CSharp (Version: 8.0.0) ~ dependancy
    • Bond.Runtime.CSharp (Version: 8.0.0) ~ dependancy

I’m using getUserMedia in the website to record the users microphone upon request from some javascript code, this creates a blob URL.

I then pass the blob url as the ContentUrl within an Attachment to an Activity.

When this hits the Bot-framework I do some basic validation (nothing related to this problem), and then pass to a custom Dialog<T>.

This is where I’m struggling to get the Bing Speech API to do what I want.

I use this method from within the Dialog<T>:

public async Task Run(string audioFile, string locale, Uri serviceUrl)
    // create the preferences object
    var preferences = new Preferences(locale, serviceUrl, new CognitiveServicesAuthorizationProvider(subscriptionKey));

    using (var speechClient = new SpeechClient(preferences))

        using (WebClient webClient = new WebClient())
            using (Stream stream = webClient.OpenRead(audioFile))
                var deviceMetadata = new DeviceMetadata(DeviceType.Near, DeviceFamily.Desktop, NetworkType.Ethernet, OsName.Windows, "1607", "Dell", "T3600");
                var applicationMetadata = new ApplicationMetadata("SampleApp", "1.0.0");
                var requestMetadata = new RequestMetadata(Guid.NewGuid(), deviceMetadata, applicationMetadata, "SampleAppService");

                    await speechClient.RecognizeAsync(new SpeechInput(stream, requestMetadata), this.cts.Token).ConfigureAwait(false);
                catch (Exception genEx)
                    // Was just using this try/catch for debugging reasons

I’m using the WebClient to get the Stream, rather than the FileStream that this method uses in the Microsoft sample code because Filestream won’t stream from URL’s.

The Current Problems:

When this line is hit:

await speechClient.RecognizeAsync(new SpeechInput(stream, requestMetadata), this.cts.Token).ConfigureAwait(false);

It throws an error about the Bond.IO.dll

Fusion Log:

I’m debugging locally with the Microsoft Bot Framework Emulator which is why you’ll see the local file paths.

=== Pre-bind state information ===
LOG: DisplayName = Bond.IO, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35
LOG: Appbase = file:///[project folder]
LOG: Initial PrivatePath = bin
Calling assembly : Microsoft.Bing.Speech, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35.
LOG: This bind starts in default load context.
LOG: Using application configuration file:web.config
LOG: Using host configuration file: aspnet.config
LOG: Using machine configuration file from machine.config.
LOG: Post-policy reference: Bond.IO, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35
LOG: Attempting download of new URL file:///C:/Users/[USER]/AppData/Local/Temp/Temporary ASP.NET Files/vs/0f4bb63f/ca796715/Bond.IO.DLL.
LOG: Attempting download of new URL file:///C:/Users/[USER]/AppData/Local/Temp/Temporary ASP.NET Files/vs/0f4bb63f/ca796715/Bond.IO/Bond.IO.DLL.
LOG: Attempting download of new URL file:///C:/[USER]/[PROJECT PATH]/bin/Bond.IO.DLL.
WRN: Comparing the assembly name resulted in the mismatch: Major Version
ERR: Failed to complete setup of assembly (hr = 0x80131040). Probing terminated.

The weird thing is that if I roll back the bing api to 2.0.1 and manually insert the older versions of the Bond.IO packages (version 4.0.1) which is what’s installed in the sample project, it doesn’t throw this error, it throws other errors.

What I’m REALLY asking:

If I want to just send a .wav audio file to my API and then use the transcription function of the Bing.Speech API to convert the speech to text, what is the best way to do this? Am I at least going in the right direction.

Bonus Points if your answer ties in with how I’m already doing it.

Get this bounty!!!

#StackBounty: #c #ruby #windows #winapi #fiddle How to use Fiddle with Windows API (dll) to run a shellcode in Ruby

Bounty: 50

I’m trying to use ruby Fiddle standard library to Windows APIs to run a shellcode

The idea of the code is to

  1. having a hexdicemial shellcode raw that executes anything (eg. MessageBoxA)
  2. call kernel32.dll
  3. allocate a memory for this shellcode. VirtualAlloc
  4. create a buffer for this shellcode
  5. move the shellcode to that allocation. RtlMoveMemory
  6. create a new thread to execute that shellcode. CreateThread
  7. wait for the execution/thread to end. WaitForSingleObject

here is the code:

require 'fiddle'
require 'fiddle/import'
require 'fiddle/types'

shellcode = # MessageBoxA
"x31xd2xb2x30x64x8bx12x8bx52x0cx8bx52x1cx8bx42" +  
"x08x8bx72x20x8bx12x80x7ex0cx33x75xf2x89xc7x03" + 
"x78x3cx8bx57x78x01xc2x8bx7ax20x01xc7x31xedx8b" + 
"x34xafx01xc6x45x81x3ex46x61x74x61x75xf2x81x7e" + 
"x08x45x78x69x74x75xe9x8bx7ax24x01xc7x66x8bx2c" + 
"x6fx8bx7ax1cx01xc7x8bx7cxafxfcx01xc7x68x79x74" + 
"x65x01x68x6bx65x6ex42x68x20x42x72x6fx89xe1xfe" + 

kernel32 = Fiddle.dlopen('kernel32')

puts "[-] VirtualAlloc"
ptr = Function.new(kernel32['VirtualAlloc'], [4,4,4,4], 4).call(0, (shellcode.size), 0x3000, 0x40)
Function.new(kernel32['VirtualProtect'], [4,4,4,4], 4).call(ptr, shellcode.size, 0, 0)

puts "[-] Create buffer"
buf = Fiddle::Pointer[shellcode]

puts "[-] RtlMoveMemory"
Function.new(kernel32['RtlMoveMemory'], [4, 4, 4], 4).call(ptr], buf, shellcode.size)

puts "[-] CreateThread"
# thread = Function.new(kernel32['CreateThread'], [4, 4, 4, 4, 4, -4], 4).call(0, 0, ptr, 0, 0, 0)
thread = Function.new(kernel32['CreateThread'], [4,4,4,4,4,4], 4).call(Fiddle::NULL, 0, ptr, 0, 0, 0)

pp Function.new(kernel32['WaitForSingleObject'], [4,4], 4).call(thread, -1)

The problem is the MessageBoxA never get executed, when I try to something like a bind shell, the TCP connection starts successfully when I connect but I can’t execute commands and it ends once I send anything twice like pressing enter twice.

I checked the buffer buf size and contents buf.size, buf.to_str and it’s accurate.

I’ve executed a python version of this and it works. Am I missing something here?


Note: I don’t want to call the MessageBoxA API directly I need to execute it from the shellcode.


Get this bounty!!!