Jump to content
Tuts 4 You

Tutorials & Documents

15 files

  1. IDA Pro & Decompiler Demo

    This is a demo video for IDA. The video is an analysis of a dynamic link library on a system compromised by spyware. It goes through and explains how to use some of the key features found in IDA. The Hex-Rays Decompiler converts executable programs into a human readable C-like pseudo code text.

    231 downloads

    0 comments

    Submitted

  2. Debugging with IDA

    The truth being a little discouraged, lets a little the idea follow with tutes that venia doing so far (the one of asprotect for example and to finish it) and so far to follow something but simple, for but ahead retaking but complex when it was a little better I animate.

    It will use example archives that are attached to show to some details del the operation del the IDA that many do not know and that let pass and that by all means would save many misfortunes jeje and returns and pressures of keys of but.

    230 downloads

    0 comments

    Submitted

  3. Debugging with IDA Continued

    We continued playing a little with IDA and in this part we will amuse a little with some commandos and we will see as they work.

    170 downloads

    0 comments

    Submitted

  4. First Steps in IDA

    Many times we have heard that IDA is a better disassembler than Wdasm, and that it is the best disassembler that exists which is correct, and in spite of not using it frequently, we will see in this first example some tips for IDA, and some differences with the listing it shows us in OLLY and in Wdasm.

    To practice, we will use a typical example where we note the differences in a crackme made in VC++ or that is to say level 1 from contest 34. (Attached to this tute).

    250 downloads

    0 comments

    Submitted

  5. IDA and OllyDbg The Union

    A paper on ways to successfully combine and better use IDA with OllyDbg.

    162 downloads

    0 comments

    Submitted

  6. IDA Plugin Writing in C++

    After spending a lot of time going through the header files in the IDA SDK as well as looking at the source to other people's plug-ins, I figured there should be an easier way to get started with writing IDA plug-ins. Although the header file commentary is amazingly thorough, I found it a little difficult navigating and finding things when I needed them without a lot of searching and trial-and-error. I thought that I'd write this tutorial to try and help those getting started as well as hopefully provide a quick reference point for people developing plug-ins. I've also dedicated a section to setting up a development environment which should make the development process quicker to get into.

    170 downloads

    0 comments

    Submitted

  7. IDA Pro for Newbiez

    Normally one is the first Tools, with which a Newbie argues, W32DASM. This Tool is both easy to learn and simply serve. One hears somewhat later then of a Tool named "IDA Pro", which should be better viiieeeel than W32DASM. Fact is that W32DASM is not any longer developed further, while with IDA the pro is very much much the case. In addition fact is that IDA pro possesses some features, which make the Reverse engineering easier. But we come now finally to the actual topic.

    251 downloads

    0 comments

    Updated

  8. IDA Pro Quick Reference Sheet

    Datarescue Interactive Disassembler (IDA) Pro Quick Reference Sheet.

    158 downloads

    0 comments

    Submitted

  9. IDA Pro User Tutorial

    This is my first tutorial and the first lesson so please don't be rude. Due to the fact that English is not my native language there may be errors. Feel free to contact me so that I can correct them.

    Some people may ask why I have written this tutorial since everyone who is into cracking knows how to deal with IDA and newbies normally use W32DASM, changing later when they are advanced. I am trying a different approach. It's 2003 now. W32DASM has lots of mistakes and is less powerful than IDA. I decided to make this tutorial for newbies as a First Approach to IDA so that their first tool is a powerful and helpful one for learning how to crack programs. IDA offers Auto Comments so the Assembler language isn't as cryptic for newbies.

    Of course, it is useful to have an Assembler Book as a reference but some things may become clearer by just viewing the comments that may be advanced. I won't expect any Assembler knowledge in this tutorial and Assembler will be addressed in my second tutorial. I want this tutorial to cover the most used functions in IDA. It will not be complete and won't replace the help file from IDA. Make sure to read the help file if you run into problems.

    I will try to explain a lot of things with screenshots but don't expect a graphical step-by-step walkthrough for every case. I set goal of one week to complete this tutorial because in one week I promised my first lesson.

    263 downloads

    0 comments

    Submitted

  10. IDAPython: User Scripting for a Complex Application

    Developers of today's increasingly complex software packages have to find the delicate balance between the required feature set and implementation time. One way to deal with the issue is to provide end users with means to extend and customize the software to their own needs. Application scripting is the easiest way to involve the users in customisation, with a low entry barrier.

    The goal of this final year project was to integrate the Python programming language as a user scripting language into the Interactive Disassembler Pro, also known as IDA Pro, the de-facto standard disassembly tool of the computer security industry. The project is called IDAPython, and the software was implemented as plug-in to IDA Pro.

    The IDAPython project used Python as a scripting language and the Simplified Wrapper Interface Generator (SWIG) for interfacing the interpreter to the host application. This report details the design, implementation and issues related to interfacing Python to a complex Application Programming Interface through SWIG, targeted for three different software platforms.

    Over the years IDAPython has become a powerful tool, popular among security researchers around the world. IDAPython is available in binary and source code form for free.

    118 downloads

    0 comments

    Submitted

  11. Introduction to IDAPython

    IDAPython is an extension for IDA, the Interactive Disassembler. It brings the power and convenience of Python scripting to aid in the analysis of binaries. This article will cover some basic usage and provide examples to get interested individuals started. We will walk through practical examples ranging from iterating through functions, segments and instructions to data mining the binaries, collecting references and analyzing their structure.

    131 downloads

    0 comments

    Submitted

  12. Playing with API Implementations with IDA and Bochs

    It is common, when one reverser keeps talking to another, to find out new ways to use tools we already have. Sometimes, you find out how to use the tool in an unexpected way, others is just an unknown shortcut or undocumented behaviour. Lately, this had often happened while talking about using IDA and Bochs together, specially using the debugger in the special "PE mode". Bochs is one of the common environments where it is being used to run/analyze malware, we found interesting to show what you can do, what you can't and what really needs to be improved in this new debugging mode.
    Just to put some context, in the current version of IDA Pro (right now is 5.5 as I wrote this), Hex-Rays included a new debugger plugin so it is possible to debug targets using Bochs x86 emulator. This new plugin allows three different ways to debug the targets:

    - Disk image: You can use an image or "bochs virtual machine" to debug your target. It's probably the best way but it requires having a working virtual machine so for those who never tried, it's a slightly painful process.

    - IDB: its intended use is only to select a piece of assembly code and debug it "virtually" using Bochs. Think about it like an advanced x86emu.

    - PE: Quite similar to the IDB mode but where IDA provides a basic environment with a PE loader, and support for the emulation of some win32 API calls. How this emulation works and how we can play with it is the main topic of this article.

    This article is focused on the 'PE mode", so let's take a look about how it works.

    114 downloads

    0 comments

    Submitted

  13. The Great IDA Primer

    Why is IDA so useful? Because it can do anything. IDA will change the way you think about disassemblers; it will change the way you think about cracking. W32Dasm? A toy. Soft-Ice? Unnecessary. When you have a disassembler that lets you follow the flow of execution by tapping the keyboard, backtrace just as easily, name variables/addresses/functions, view the entire program as opcodes or assembly, change code to data and back again according to your whim, and even run limited C programs to perform operations on the code from searching and parsing to translating and patching...why go somewhere else?

    210 downloads

    0 comments

    Submitted

  14. TiGa IDA Series (1-12)

    TiGa 01 - Visual Debugging with IDA
    TiGa 02 - Remote Debugging with IDA Pro
    TiGa 03 - Debugging a Buggy Application with IDA Pro
    TiGa 04 - How to Solve CrackMes for Dummies in Video
    TiGa 05 - x64 Disassembling and Fixing Obfuscated API's
    TiGa 06 - TLS Callbacks and Preventing Debugger Detection
    TiGa 07 - Unwrapping a Flash Video Executable
    TiGa 08 - Stop Fishing and Start Keygenning!
    TiGa 09 - Alien Autopsy rev. 2008
    TiGa 10 - Unpacking Deroko x64 UnPackMe
    TiGa 11 - Solving Pnluck x64 CrackMe
    TiGa 12 - Unpacking 4 Simple Packers with IDA
     

    1,283 downloads

    5 comments

    Submitted

  15. Unpacking Malware using IDA Pro Extensions

    In almost all cases of today's malicious software, executable packers or crypters are used in order to obfuscate code and data. In some cases unpackers and dumpers are available. In very few cases they actually work on packed malware executables due to modifications of internal structures such as the PE header.

    In the following example an unknown binary is loaded into IDA Pro...

    211 downloads

    0 comments

    Submitted


×
×
  • Create New...