Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
346 topics in this forum
-
.net File Structure
by Ufo-Pu55y- 1 reply
- 4.8k views
Here are some papers about the still rarely commented .NET file structure. They'll surely come in handy when you're dealing with .NET reversing... .NET PE file structure + .NET Resources + Code for a .NET-Resources-Viewer: tKC.rar (all by tKC - big thx for it!!!) The .NET File Format: http://www.ntcore.com/Files/dotnetformat.htm (by Daniel Pistelli) .NET Manifest Resources http://www.pmode.net/USERS/116/Files/manifestres.htm (by Daniel Pistelli) Physical Layout of a .NET Assembly http://www.samspublishing.com/articles/art...=25350&rl=1 (by Kevin Burton) Greets
-
.Net Manual Deobfuscating
by gholam.illidan- 2 followers
- 19 replies
- 17.1k views
Is there any tutorial or e-book for .NET manual unpacking and deobfuscating? (google == nothing) And some e-book on .NET data structures? My .NET cracking skill is very good, but I suck at deobfuscating. Thanks
-
.net Memory Security By Coderipper
by CodeExplorer- 1 reply
- 6.4k views
.NET memory security Looking under some encryption/decryption tutorials I've noticed that they use MemoryStream.ToArray(); MemoryStream.ToArray() is bad since it will create a new byte array in memory – instead just use an UnmanagedMemoryStream and UnmanagedMemoryStream.GetBuffer()! But the contents of the UnmanagedMemoryStream buffer (you get it using GetBuffer()) will still be there even if I close the memory stream, set it to 0 and call System.GC.Collect(). What is going on? 1. The memory is released: According to Microsoft the object is destroyed when all its references are explicitly set to null or it goes out of scope. 2. The contents are still there and probably wo…
-
.NET-BroadcastEventWindow Error & Workaround
by CodeExplorer- 0 replies
- 6.4k views
.NET-BroadcastEventWindow Error & Workaround http://social.msdn.microsoft.com/Forums/en/netfxbcl/thread/fb267827-1765-4bd9-ae2f-0abbd5a2ae22 http://stackoverflow.com/questions/559241/need-help-deciphering-a-c-stack-trace
-
- 0 replies
- 5k views
It's a bit of a tacky title but the talk is very nice. Starts with a pretty good intro to how handles work inside the windows subsystem and how sessions and desktops come into all of this. http://www.archive.org/details/Shattering_the_Windows_Message_Passing_Architecture_and_Security_Model
-
“Secure Password Managers” and “Military-Grade Encryption”
by Teddy Rogers- 0 replies
- 6.4k views
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really? http://www.elcomsoft.com/WP/BH-EU-2012-WP.pdf Ted.
-
(RE) Mozilla FireFox
by JMC31337- 10 replies
- 7k views
Tested on FireFox v. 8. First thing is grab OllyDbg and do a search for intermodular calls; in my case I see
00401D6B CALL DWORD PTR DS:[<&KERNEL32.IsDebugger>7C813133 kernel32.IsDebuggerPresent
Upon heading to that address I see
CPU Disasm
00401CAF CC INT3
00401CB0 /> \55 PUSH EBP
00401CB1 |. 8BEC MOV EBP,ESP
00401CB3 |. 81EC 28030000 SUB ESP,328
00401CB9 |. A3 38424000 MOV DWORD PTR DS:[404238],EAX
00401CBE |. 890D 34424000 MOV DWORD PTR DS:[404234],ECX
00401CC4 |. 8915 30424000 MOV DWORD PTR DS:[404230],EDX
00401CCA |. 891D 2C424000 MOV DWORD PTR DS:[40422C],EBX
00401CD0 |. 8935 28424000 MOV DWORD PTR DS:[404228],ESI
00401CD6 |. …
-
- 0 replies
- 7.7k views
https://www.reverzor.com/ Universal Cloud Decompiler The first cloud based tool that decompiles almost everything! Decompile files on the fly, from everywhere, and on every device. PHP Encoded Reverzor can decompile most PHP encoded files. Examples are ionCube, Zend Guard, bCompiler bz2, TrueBug, Nu-Coder, MMCache, eAccelerator and more! .NET Binaries Reverzor can decompile all the latest C# and VB compiled related files, including EXE and DLLs. You are able to recover the full SLN project file for Visual Studio. Android APK Reverzor can decompile up to the latest Android apps, recovering almost all compiled binaries into source files. Inc…
-
[.NET] Partition of ICorDebug
by sirp- 0 replies
- 4.7k views
Partition of ICorDebug The ICorDebug API (the API for debugging managed apps) is about 70 total interfaces. Here is how I'd group the interfaces together, along with my random comments about how various interfaces fit into the big picture. A quick comment about interface versioning: 1. ICorDebug is a COM-classic unmanaged interface. Most of the interfaces are derived from IUnknown because we wanted to avoid the diamond-inheritance problem when we needed to add version 2 interfaces. I've left the "Derives From" column blank if an interface derives from IUnknown. 2. Version 2 interfaces have the previous interface's name appended with a version number (e.g., "IFoo2") …
-
[AnyLanguage] Volcano - ASCII Art
by simple- 4 replies
- 11.2k views
2015 has been a very active year for volcanoes. It's a very active year for ASCII art volcanoes too \/\/\//<---------------- Peak of Eruption \ / \_/<------------------ Base of Eruption / \<------------------ Peak of volcano / \ / \ / \ /_________\<-------------- Base of Volcano CHALLENGE: Create code (via function, stdin, etc.) that accepts 2 inputs Input1 = Distance in lines between base and peak of volcano Input2 = Distance in lines between base and peak of eruption Based on these inputs, the program should output to the console (s…
-
[book] 117 eBooks for Developing
by whoknows- 2 replies
- 6.9k views
117 eBooks for Developing: This include: Wrox Beginning Algorithms SourceCode, Borland Delphi 2005 for Win32 dotNET, Art of Assembly Programming, (mysql) Steve Suehring - MySQL Bible, O Reilly - Cpp in a Nutshell, Visual Basic .NET Black Book ... dn @: http://stealth.to/?id=afvn0vygo0q0gxri650bp0cd3wv2ttstyd
-
[crackme] Crackmes.de Collection 2011
by HellRaider- 5 replies
- 9.8k views
Well, after the disappointing take down of Crackmes.de I took it upon myself to mirror the crackmes (thanks for the inspiration @darelgrif) as well as the solutions that were on that site. Please find the following linked zip that contains almost 1000 crackmes for all levels. Please enjoy and mirror/spread. Author : Malware Ninja Author website : http://crackmes.de/ Download : http://tuts4you.com/request.php?3152
-
[crackme] CyberSecurity Challenge 2015
by Encrypto- 4 replies
- 8.2k views
Hi everyone, This challenge has been running the past couple of days and I think many of you here will find this of interest. It's open till the 18th of July, so it would be advisable not to give out any solutions until that date has passed. http://cybersecuritychallenge.org.uk/competitors/competitions-overview/ Have fun! It's seriously interesting and challenging.
-
- 0 replies
- 4k views
An In-Depth Look into the Win32 Portable Executable File Format SUMMARY A good understanding of the Portable Executable (PE) file format leads to a good understanding of the operating system. If you know what's in your DLLs and EXEs, you'll be a more knowledgeable programmer. This article, the first of a two-part series, looks at the changes to the PE format that have occurred over the last few years, along with an overview of the format itself. After this update, the author discusses how the PE format fits into applications written for .NET, PE file sections, RVAs, the DataDirectory, and the importing of functions. An appendix includes lists of the relevant i…
-
[INFO] Peering Inside the PE
by sirp- 1 reply
- 5.5k views
Peering Inside the PE: A Tour of the Win32 Portable Executable File Format The format of an operating system's executable file is in many ways a mirror of the operating system. Although studying an executable file format isn't usually high on most programmers' list of things to do, a great deal of knowledge can be gleaned this way. In this article, I'll give a tour of the Portable Executable (PE) file format that Microsoft has designed for use by all their Win32®-based systems: Windows NT®, Win32s™, and Windows® 95. The PE format plays a key role in all of Microsoft's operating systems for the foreseeable future, including Windows 2000. If you use Win32s or Windows …
-
- 0 replies
- 5.2k views
0.4% of Public Keys Used for SSL Web Site Security Compromised https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/ http://eprint.iacr.org/2012/064.pdf Ted.
-
1 Mexican Crackme
by whoknows- 0 replies
- 5.7k views
https://medium.com/syscall59/solved-solving-mexican-crackme-82d71a28e189
-
- 0 replies
- 9.6k views
By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration testers, sysadmins, and developers, but it doesn't have to be. In this blog I'll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system. I'm sure there are many techniques that I've missed (or simply don't know about), but hopefully this cheat sheet will offer a good start for those who need it. What is the PowerShell Execution Policy? The PowerShell execution policy is the setting that determines which type of PowerShell scripts (if any) can be run on the system. By de…
-
- 0 replies
- 6.3k views
We have released 2 days of videos covering how to use IDA Pro to reverse the same CMU Binary Bomb lab that we cover in our Intro x86 assembly language class (where you have no tools more sophisticated than gdb.) The class also covers things such as how you can tell when an application is extracting data from its resources, inferring structure and C++ class definitions, and generally how C++ constructs such as classes, constructors/destructors, and virtual function tables manifest themselves in assembly. You can find the class page here: http://www.OpenSecur...ngineering.html But I would like to get your opinions and feedback on another matter. If you would kin…
-
2.85 GB of programming tutorials
by rubendodge- 7 replies
- 9.2k views
These couple hundred tutorials also contain mainly game programming as well. http://www.moviex.info/forums/index.php?ac...t=0#entry649239 NOTE: This website requires you to register at it to download stuff from it, so register and enjoy, first of all, all these tutorials and, second of all, this great site to download movies and stuff from.
-
2007 Internet Crime Report...
by Teddy Rogers- 0 replies
- 4.3k views
http://www.ic3.gov/media/annualreport/2007_IC3Report.pdf Ted.
-
4x5: Reverse Engineering Automation with Python
by CodeExplorer- 0 replies
- 5.3k views
4x5: Reverse Engineering Automation with Python: https://www.blackhat.com/presentations/bh-usa-07/Carrera/Presentation/bh-usa-07-carrera.pdf
-
8086 Opcode Map
by CodeExplorer- 4 replies
- 42.5k views
8086 Opcode Map http://www.mlsite.net/8086/ http://board.flatassembler.net/topic.php?t=7803 http://blog.llvm.org/2010/01/x86-disassembler.html http://stackoverflow.com/questions/924303/how-to-write-a-disassembler http://www.devmaster.net/forums/showthread.php?t=2311 http://www.devmaster.net/codespotlight/show.php?id=25 Great one: http://www.c-jump.com/CIS77/CPU/x86/lecture.html#X77_0040_opcode_sizes
-
- 0 replies
- 5.9k views
A (relatively easy to understand) primer on elliptic curve cryptography... http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/ Ted.
-
- 4 followers
- 23 replies
- 23.6k views
I once posted it in a China forum; you can visit it at https://www.52pojie.cn/thread-762832-1-1.html via Google Translator. I try my best to introduce it using English. 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2. set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3. use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod" 4. fix the PE header and maybe you should also fix the .NET header. This way is more complex than using Me…