Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
350 topics in this forum
-
- 1 reply
- 6.8k views
Weird error using the method explained in “loading a dll from memory” article: http://www.computersecurityarticles.info/security/weird-error-using-the-method-explained-in-%E2%80%9Cloading-a-dll-from-memory%E2%80%9D-article/ DetectKernelCallbackTableHook: http://code.google.com/p/win32-fake-program/updates/list
-
Archive for the ‘Notes on Windows Internals’ Category
by CodeExplorer- 0 replies
- 2.9k views
Archive for the ‘Notes on Windows Internals’ Category: http://www.softwaregeneralist.com/category/notes-on-windows-internals/page/3/
-
Windows Memory Layout, User-Kernel Address Spaces
by CodeExplorer- 0 replies
- 4.2k views
Windows Memory Layout, User-Kernel Address Spaces: http://www.openrce.org/reference_library/files/reference/Windows%20Memory%20Layout,%20User-Kernel%20Address%20Spaces.pdf
-
.NET-BroadcastEventWindow Error & Workaround
by CodeExplorer- 0 replies
- 8.3k views
.NET-BroadcastEventWindow Error & Workaround: http://social.msdn.microsoft.com/Forums/en/netfxbcl/thread/fb267827-1765-4bd9-ae2f-0abbd5a2ae22 http://stackoverflow.com/questions/559241/need-help-deciphering-a-c-stack-trace
-
RT_MANIFEST resource, and ISOLATION_AWARE_ENABLED
by CodeExplorer- 0 replies
- 4.6k views
RT_MANIFEST resource, and ISOLATION_AWARE_ENABLED: http://blogs.msdn.com/b/junfeng/archive/2007/06/26/rt-manifest-resource-and-isolation-aware-enabled.aspx Specifying a Default Activation Context: http://msdn.microsoft.com/en-us/library/aa376607%28v=vs.85%29.aspx http://www.jose.it-berater.org/smfforum/index.php?topic=2772.new
-
Speedy C# series - memory optimization
by CodeExplorer- 0 replies
- 4.8k views
Speedy C# series - memory optimization: http://robpaveza.net/speedy-c-part-2-optimizing-memory-allocations-pooling-and-reusing-objects http://www.codeproject.com/KB/cpp/StackShrink.aspx http://stackoverflow.com/questions/1984186/what-is-private-bytes-virtual-bytes-working-set
-
- 0 replies
- 3.3k views
The sequence of interactions between CLR loader and fusion during Assembly.Load: http://social.msdn.microsoft.com/forums/en-US/netfxbcl/thread/acac20f6-d70f-405f-9e0e-387078cbb4c3 http://forum.sysinternals.com/why-some-net-assemblies-are-duplicated-in-memory_topic15279.html APIs used by Framework for mem allocation: http://etutorials.org/Programming/programming+microsoft+visual+c+sharp+2005/Part+IV+Debugging/Chapter+13+Advanced+Debugging/Memory+Management/ http://www.ms-news.net/f826/managed-heap-6470585.html http://www.experts-exchange.com/Programming/Languages/.NET/A_3251-Garbage-Collection-Memory-Management-in-Net.html Garbage Collection: …
-
The NT insider - In Denial - Debugging STATUS_ACCESS_DENIED
by CodeExplorer- 0 replies
- 3.3k views
In Denial - Debugging STATUS_ACCESS_DENIED: http://www.osronline.com/article.cfm?id=459
-
Kernel-Mode Basics: Windows Linked Lists
by CodeExplorer- 0 replies
- 5.7k views
Kernel-Mode Basics: Windows Linked Lists: http://www.osronline.com/article.cfm?article=499
-
- 0 replies
- 5.8k views
Java™ Virtual Machine Tool Interface (JVM TI) The JVM™ tool interface (JVM TI) is a native programming interface for use by tools. It provides both a way to inspect the state and to control the execution of applications running in the Java™ virtual machine (JVM). JVM TI supports the full breadth of tools that need access to JVM state, including but not limited to: profiling, debugging, monitoring, thread analysis, and coverage analysis tools. Note: JVM TI was introduced at JDK™ 5.0. JVM TI replaces the Java Virtual Machine Profiler Interface (JVMPI) and the Java Virtual Machine Debug Interface (JVMDI) which, as of JDK 6, are no longer provided. JVM TI Refer…
-
Pe32 Format.
by high6- 6 replies
- 19.7k views
http://www.cs.ucsb.edu/~nomed/docs/pecoff.html awesome stuff, each part nicely explained. I am making a packer based on this. If this has been posted before, sorry, didn't see anything.
-
- 4 replies
- 4.3k views
How Malware Defends Itself Using TLS Callback Functions Malware authors employ numerous and creative techniques to protect their executables from reverse-engineering. The arsenal includes an anti-debugging technique called TLS callback. The approach is not new, yet it is not widely understood by malware analysts, so I'd like to describe it in this note. (Thanks to Christian Wojner from CERT.at for his insights regarding this topic!) What is TLS? According to Microsoft, Thread Local Storage (TLS) is a mechanism that allows Microsoft Windows to define data objects that are not automatic (stack) variables, yet are "local to each individual thread that runs the code. Thus,…
-
Reverse Engineering Linux x86 Binaries
by Rachel- 0 replies
- 4.4k views
Hello, I found a book two days ago and I think it's suitable for this section. This book is for someone who wants to start cracking software in Linux; I mean, this book is a kind of preface to RCE in Linux. If you want to go more in depth, I suggest reading the third chapter of Security Warrior, published by O’Reilly. Yet this is a good book. Reverse Engineering Linux.pdf
-
[INFO] Peering Inside the PE
by sirp- 1 reply
- 6.1k views
Peering Inside the PE: A Tour of the Win32 Portable Executable File Format The format of an operating system's executable file is in many ways a mirror of the operating system. Although studying an executable file format isn't usually high on most programmers' list of things to do, a great deal of knowledge can be gleaned this way. In this article, I'll give a tour of the Portable Executable (PE) file format that Microsoft has designed for use by all their Win32®-based systems: Windows NT®, Win32s™, and Windows® 95. The PE format plays a key role in all of Microsoft's operating systems for the foreseeable future, including Windows 2000. If you use Win32s or Windows …
-
- 0 replies
- 4.3k views
An In-Depth Look into the Win32 Portable Executable File Format SUMMARY A good understanding of the Portable Executable (PE) file format leads to a good understanding of the operating system. If you know what's in your DLLs and EXEs, you'll be a more knowledgeable programmer. This article, the first of a two-part series, looks at the changes to the PE format that have occurred over the last few years, along with an overview of the format itself. After this update, the author discusses how the PE format fits into applications written for .NET, PE file sections, RVAs, the DataDirectory, and the importing of functions. An appendix includes lists of the relevant i…
-
Acronis True Image - Virtualize OS
by whoknows- 0 replies
- 3.5k views
watch @: http://www.4shared.com/file/T5XCZj6w/acronislive.html needed file @: http://scteam.tk/index.php?dir=AHCU/2010/10.October/
-
How Do You Debug A Movie
by sirp- 0 replies
- 5k views
How do you debug a movie? Before I get too old and forget, here is the story of one bug that I had to find when playing King Kong in the Xbox HD DVD player. It concludes with yet another reason I am so glad we’re not doing a Blu-ray player. The HD DVD team originally wrote the player software for what became the Toshiba A1 series HD DVD players. Those players were basically x86-based laptop boards with an optical drive and video decoding hardware added, running Linux. Toshiba wrote the audio/video pipeline and we wrote the rest of the player. After that initial Toshiba release we really got going on a version for the Xbox 360, which shared much of the codebase but had som…
-
Long List Of UnPackMe Formats... 1 2
by Teddy Rogers- 30 replies
- 25.2k views
I've added some new PE32 unpackme formats to Tuts 4 You. Rather than create a topic for each format I'll just give the list here: AlexProtector 1.0 Beta 2, Anskya Polymorphic Packer 1.3, AZProtect 0001, ExeFog 1.1, Hmimys Packer 1.0, JDPack 1.01 (Repacked), JDPack 2.00, JeyJey UPX Protector, Kkrunchy 0.23, Password Protect UPX 0.30, PeStubOEP 1.6, PolyCrypt PE 2.00, RLPack 1.0, Simple Pack 1.0, Simple Pack 1.11, Simple Pack 1.2, softSENTRY 3.00, Software Compress LITE 1.4, UnOpix 1.10, UPXScramb 2.2, VMProtect 1.1, VMProtect 1.2, VMProtect 1.21, VMProtect 1.22, VMProtect 1.24 There are more planned when I get the time, such as; Armadillo, ASProtect, Themida, Enigma, Mol…
-
Nice Reading : Tiny PE
by sirp- 1 reply
- 5.6k views
Tiny PE Creating the smallest possible PE executable This work was inspired by the Tiny PE challenge by Gil Dabah. The object of the challenge was to write the smallest PE file that downloads a file from the Internet and executes it. In the process of writing increasingly smaller PE files for the challenge I learned a lot of interesting details about the PE file format and the Windows loader. The goal of this document is to preserve this knowledge for future reference. In this, I have followed the example of the famous Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux. TinyPe
-
- 0 replies
- 5k views
just came across this guys youtube channel..watched a vid of him genning Super AntiSpyware pro and several other crackmes etc and found it neat.. probably easy stuff for most of ya but mayb helpful for others (or mayb not hehe) http://www.youtube.com/user/fjlj cheers B @teddy..im guessing this is the right section 4 this (im probably wrong)..if not do ur thang..
-
- 0 replies
- 4.1k views
Superb book about hacking ... pity it's a Chinese book
-
Applied Binary Code Obfuscation
by sirp- 0 replies
- 3.1k views
Applied Binary Code Obfuscation Introduction An obfuscated code is the one that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders for security reasons, intentionally obfuscate their software in an attempt to delay reverse engineering or confuse antivirus engines from identifying malicious behaviors. Nowadays, obfuscation is often applied to object oriented cross-platform programming languages like Java, .NET (C#, VB), Perl, Ruby, Python and PHP. That is because their code can be easily decompiled and examined making them vulnerable to reverse engineering. On the other hand, obfuscating binary code is not as…
-
Sitegrinder workaround found
by Gravity Traveler- 12 replies
- 9.8k views
Hello all! Please bump this where it needs to go... In searching for a solution to cracking the demo protection of Sitegrinder 2 by MediaLab (Sitegrinder is a photoshop plugin that transforms layers into a website), I stumbled upon some archived posts from this board that I can't seem to find any longer. Anyways, they steered me in the right direction, so I thought I'd share some of my results. This is actually a ridiculously simple workaround, and though it doesn't modify any code or require any reversing, I thought you all might appreciate it none-the-less because there is no known crack for this program. Getting right to it, when you click on "build" in the Sitegrin…
-
- 0 replies
- 4.2k views
I got this message: ----------------------------------------------------------------------------- Hi again, because there are no solving about (applications challenges on HBH, HTS, TIL,.) at Internet, I decided solving also publishing them , By the way do not try to search about that because you will find nothing, also do not follow my solving for earning some points or effecting and if you want to earn points change my account because all tube have my own serials, so changing then earning some points.. I do not fit to any team - HTS (hackthissite.org) How to crack (solve) all apps of www.hackthissite.org part1 (( apps 1, 2, 3, 4, 5, 6, 7 )) http://www.youtube.com/…
-
Ten Years of Innovation in Reverse Engineering
by Teddy Rogers- 3 replies
- 4.1k views
http://blog.zynamics.com/2010/05/17/ten-years-of-innovation-in-reverse-engineering-2/ Ted.