Tuts 4 You


  1. Community Discussions

    1. Terms, Privacy Policy & Frequently Asked Questions   (120,985 visits to this link)

      Very important! Please read before sign up and posting...

    2. General Discussions and Off Topic

      General and off-topic conversations and discussions here...

    3. Artscene Community

      Share graphic, ASCII, module, demo, intro ideas and works...

    4. Site Bug Reports and Feedback

      Bugs, feedback and ideas regarding this site...

  2. Reverse Code Engineering

    1. Challenge of Reverse Engineering

      Try a challenge or contribute your own, any platform or operating system...

    2. Hardware Reverse Engineering

      Reverse engineering of circuitry hardware and firmware...

    3. Network Security

      Discussions on network security, holes, exploits and other issues...

    4. Malware Reverse Engineering

      Debugging, disassembling and documenting interesting malware...

    5. Reverse Engineering Articles

      Share an interesting blog, news page or other RE related site...

    6. Employment and Job Vacancies

      Advertise a job or seek an employment opportunity...

  3. Developers Forums

    1. Programming and Coding

      Programming and coding tips, help and solutions...

    2. Programming Resources

      Share an interesting blog, news page or other resource...

    3. Software Security

      Securing your software against reverse engineering...

  4. Community Projects

    1. Scylla Imports Reconstruction

      Development and support forum for the Scylla project...

    2. x64dbg

      An open-source x64/x32 debugger for windows...

    3. Future Community Projects

      Looking for support and interested partners for a future project?

    4. Community Projects Archive

      Old and inactive projects moved to long term support...

  • Posts

    • shadow.Walker
      sounds useful for unpacking 🤔
    • whoknows
      https://www.bleepingcomputer.com/news/security/net-core-vulnerability-lets-attackers-evade-malware-detection/
      bonus: medium.com/pcmag-access/former-intel-engineer-explains-why-apple-switched-to-arm-deba86e560b1
      Hard Disk Hacking (2013) - spritesmods.com/?art=hddhack&page=1
    • LCF-AT
      Hi guys, thanks for your feedback so far. Today I found a new strange behavior of WD! Right now I started my PC and see that WD has already updated to a new def file, see the version... Now I do the same as yesterday and copied the BAD files from my rar package into a free folder. So remember, when I did this yesterday WD prevented it because of an alert etc., but today, oh wonder, it does work and WD doesn't say anything!=? So I got 2 different file versions of the same file which got detected yesterday on my main OS, but today all is fine. But I also see some differences. One file gets marked with that WD shield icon on the icon (don't remember anymore what that means etc.) but the other file doesn't get that shield icon on the icon. Another difference to yesterday is that both files had missing entries in the details tab (right mouse / details) but today all details are present!=? What's this? How can this be? Do you have any clues about that? Yesterday all bad (main OS only) and today all fine. Hm. Maybe you are right atom0s with that scan thing there. So I am using the same settings for WD in the VM too. Just enabled the realtime scan option and the manipulation option. The other cloud stuff / sending examples I have disabled. So what app should I use in the first place then? greetz
    • Progman
      Also Windows Defender might have options to do live cloud verification or other levels of threat verification like generic heuristics. Is the web connection enabled in the VM and are all Windows Defender settings the same? VirusTotal-style hash checking and stuff are becoming more common in antivirus apps lately, for having access to a more up-to-date and broader database that allows vendors to find viruses earlier as well. Could even be some random spyware setting in your Windows account profile, usually under the title of a "help Microsoft improve our products and user experience" type of option. Or Windows Defender is so smart that it knows when you are in a VM or sandbox, probably you are studying the viruses and do not want to block them. But I doubt it.
  • File Comments

    • JMC31337
      And I just found out my GlobalAlloc API memory which is mapped in RW space also has RWE ability.
    • JMC31337
      Interesting... because with an x86 app running under WoW I can force the mem base of the loaded exe to 0x10000. This is mapped as RW but allows code execution as though RWX. The first two images show a typical standard dll characteristic which randomly mem maps; in the other two I forced a dll characteristic of 0 and forced it to 0x10000, and I can execute any opcode despite the RW mapping. 1) Since it is mapped as RW, shouldn't DEP prevent any execution? 2)
    • Xyl2k
      By seeing the number of imports on your screenshot and the ollydbg.exe in upper case I would guess you tried this on ollydbg v1.10, not on olly v2. The description doesn't mention it here but that thing is for v2; if you look inside the readme of the archive, it says (in French) that the code has been rewritten for olly 2. So try with v2, or recompile the dll for v1. Also I'm checking the src and this can really be improved more. Especially for the v2, as if you rename ollydbg.exe to blabla.exe,
    • 4D43
      What do I do now?