Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
346 topics in this forum
-
- 3 replies
- 5.7k views
DecryptoCat http://tobtu.com/decryptocat.php Ted.
-
Injecting 64-Bit DLLs Into 32-Bit Process
by waliedassar
- 5 replies
- 13.1k views
Discusses Wow64Log.Dll and how it can be used to inject 64-bit DLLs into Wow64 (32-Bit) Processes. http://waleedassar.blogspot.com/2013/01/wow64logdll.html
-
Wow64-Specific Anti-Debug Trick
by waliedassar
- 1 reply
- 5.2k views
My blog post where I discuss my finding of a Wow64-Specific Anti-Debug Trick: http://waleedassar.blogspot.com/2013/01/wow64-specific-anti-debug-trick.html Have fun.
-
- 0 replies
- 5.8k views
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers I have not read this myself but it seems to be getting a lot of rave reviews. I have seen it selling on Amazon and Google as both eBook and paperback. You can find a preview here... http://books.google.com.au/books/elsevier?id=2XliiK7FKoEC&printsec=frontcover Ted.
-
Hiding Threads From Debuggers
by waliedassar
- 1 follower
- 3 replies
- 7.8k views
My latest blog post where I discuss in detail the topic of hiding threads from debuggers. http://waleedassar.b...-debuggers.html Have fun.
-
SuppressDebugMsg As Anti-Debug Trick
by waliedassar
- 1 reply
- 4.9k views
My latest blog post where I explain a new anti-debug trick. http://waleedassar.blogspot.com/2012/11/suppressdebugmsg-as-anti-debug-trick.html Have fun.
-
WWII Cipher yet to be cracked
by chickenbutt
- 0 replies
- 5.1k views
Thought some people would find this interesting: http://www.bbc.co.uk/news/uk-20456782
-
OllyDbg RaiseException Bug
by waliedassar
- 1 reply
- 5.4k views
Another OllyDbg bug. http://waleedassar.blogspot.com/2012/11/ollydbg-raiseexception-bug.html
-
Defeating Memory Breakpoints
by waliedassar
- 1 reply
- 4.7k views
My latest blog post where I explain two anti-Memory-Breakpoints tricks. http://waleedassar.b...reakpoints.html Any comments or ideas are very welcome.
-
- 3 replies
- 5.4k views
https://lock.cmpxchg8b.com/sophailv2.pdf That's some nice stuff, right there. :S
-
SizeOfStackReserve As Anti-Attaching Trick
by waliedassar
- 0 replies
- 4.5k views
My latest blog post where I explain a new anti-attaching trick. http://waleedassar.blogspot.com/2012/11/sizeofstackreserve-as-anti-attaching.html Any comments or ideas are very welcome.
-
Virtual PC 2007 Detection Tricks
by waliedassar
- 3 replies
- 4.9k views
My latest blog post about Virtual PC detection.
Virtual PC Machine Reset: http://waleedassar.b...hine-reset.html
Virtual PC vs. Resume Flag: http://waleedassar.b...esume-flag.html
Virtual PC vs. DR7: http://waleedassar.b...-pc-vs-dr7.html
Virtual PC vs. CPUID: http://waleedassar.blogspot.com/2012/10/virtual-pc-vs-cpuid.html
Still more tricks on the way. Have fun.
-
Cross-VM Side Channels and Their Use to Extract Private Keys...
by Teddy Rogers
- 0 replies
- 4.6k views
I found this a very interesting paper on recovering information from resident neighboring virtual machines using side channel attacks. Whilst this is technically for a very specific attack it could possibly be explored further and exploited over time... http://www.cs.unc.ed...rs/2012/CCS.pdf Ted.
-
PAGE_EXECUTE_WRITECOPY As Anti-Debug Trick
by waliedassar
- 10 replies
- 7.5k views
Here you can find it http://waleedassar.blogspot.com/2012/09/pageexecutewritecopy-as-anti-debug-trick.html Any ideas or comments are more than welcome.
-
Magazine about software reverse engineering
by WojciechBusz
- 5 replies
- 6k views
I just want to let you know about the upcoming issue of Software Developer's Journal. SDJ is an on-line magazine aimed at programmers. The upcoming series of issues will be devoted to software reverse engineering (IDA, OllyDbg, malware reversing etc.). You can download a free teaser here: http://sdjournal.org/pre-purchase-the-upcoming-issue-of-sdj-and-learn-how-to-reverse-engineer/ The first issue of the series will be live on September 22nd.
-
Anti-Dumping - Part 3
by waliedassar
- 9 replies
- 6.5k views
Here you can find it. http://waleedassar.blogspot.com/2012/09/anti-dumping-part-3.html Comments and ideas are very welcome.
-
Common misconceptions of password cracking...
by Teddy Rogers
- 0 replies
- 4.5k views
Common Misconceptions of Password Cracking http://erratasec.blogspot.com.au/2012/08/common-misconceptions-of-password.html Ted.
-
Modifying Binaries Tutorial
by R4ndom
- 2 replies
- 5.3k views
I have just completed a tutorial called "The Never Ending Program". It allows you to hijack an application and every time the user tries to close it, a custom message box will pop up, and the app will not close. http://thelegendofrandom.com/blog/archives/1347
-
TastenTrick - Legally "crack" this software for your own usage
by Teddy Rogers
- 0 replies
- 5.1k views
Christian Deneke, the author of a piece of software called TastenTrick, which allows you to take notes, has allowed reverse engineers to legally crack his program. You can find a download of TastenTrick here... http://tastentrick.de/download Please remember even though he said it is free to crack let's respect good software and support developers... Ted.
-
User-mode System Call Hooking
by waliedassar
- 2 replies
- 5.4k views
Here you can find my two posts about implementing system calls hooks from user-mode in Wow64 processes and native x86 processes: http://waleedassar.b...ls-hooking.html http://waleedassar.b...stem-calls.html
-
- 0 replies
- 6.3k views
We have released 2 days of videos covering how to use IDA Pro to reverse the same CMU Binary Bomb lab that we cover in our Intro x86 assembly language class (where you have no tools more sophisticated than gdb.) The class also covers things such as how you can tell when an application is extracting data from its resources, inferring structure and C++ class definitions, and generally how C++ constructs such as classes, constructors/destructors, and virtual function tables manifest themselves in assembly. You can find the class page here: http://www.OpenSecur...ngineering.html But I would like to get your opinions and feedback on another matter. If you would kin…
-
- 0 replies
- 5.2k views
This presentation will cover the Black Arts of making Cracks, KeyGens, Malware, and more. The information in this presentation will allow a .NET programmer to do unspeakable things to .NET applications. I will cover the life cycle of developing such attacks and overcoming common countermeasures to stop such attacks. New tools to assist in the attacks will be supplied. This presentation will focus on C# but applies to any application based on the .NET framework. http://www.youtube.com/watch?v=HKIR3yLGfHY
-
IDA Pro CodeView Parsing Bug
by waliedassar
- 0 replies
- 5.4k views
In this post I will share with you another bug that I have found in IDA. This one is different from the previous one in that: 1) It is in code responsible for parsing CodeView debug info. 2) It crashes the current IDA instance with a minidump. While trying to figure out how IDA reads various debug info, I found that old CodeView formats are also supported by IDA (also, the demo version). So, I decided to give it a shot and try to find anything useful inside. Understanding the CodeView format was also kept in mind. Code responsible for reading various debug info lies within dbg.ldw, a dynamic link library that resides in the "loaders" directory. Since the CodeView for…
-
IDA Pro COFF Debug Info Parsing Bug
by waliedassar
- 2 replies
- 5.6k views
In this post I will share something that may be considered as a bug in IDA. The bug is as follows: If we manipulate the value of the "NumberOfSymbols" field in the "IMAGE_COFF_SYMBOLS_HEADER" structure, we can force IDA to abort processing the whole PE and quickly terminate. When manipulating this field, just make sure to set a compatible value for the "SizeOfData" field in the "IMAGE_DEBUG_DIRECTORY" structure and also have a compatible file size by appending null bytes to the file end. When calculating the required memory size for symbol entries using the spoofed value, IDA detects an overflow. After clicking the OK button in the image above, IDA quickly termin…
-
- 0 replies
- 4.1k views
Hello all, slides and tools (binaries + source code) of the talk we gave at RECon with @fdfalcon are available. Enjoy!