Reverse Engineering Articles

DecryptoCat - Cryptocat is run by people that don't know crypto...

July 4, 2013 by Teddy Rogers

3 replies
5.7k views

DecryptoCat http://tobtu.com/decryptocat.php Ted.

Last reply by mrexodia, July 7, 2013

Injecting 64-Bit DLLs Into 32-Bit Process

January 26, 2013 by waliedassar

5 replies
13.1k views

Discusses Wow64Log.Dll and how it can be used to inject 64-bit DLLs into Wow64 (32-Bit) Processes. http://waleedassar.blogspot.com/2013/01/wow64logdll.html

Last reply by Computer_Angel, June 18, 2013

Wow64-Specific Anti-Debug Trick

January 29, 2013 by waliedassar

1 reply
5.2k views

My blog post where i discuss my finding of a Wow64-Specific Anti-Debug Trick http://waleedassar.blogspot.com/2013/01/wow64-specific-anti-debug-trick.html Have Fun

Last reply by Nacho_dj, January 29, 2013

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration

December 2, 2012 by Teddy Rogers

0 replies
5.8k views

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers I have not read this myself but it seems to be getting a lot of rave reviews. I have seen it selling on Amazon and Google as both eBook and paperback. You can find a preview here... />http://books.google.com.au/books/elsevier?id=2XliiK7FKoEC&printsec=frontcover Ted.

Last reply by Teddy Rogers, December 2, 2012

Hiding Threads From Debuggers

November 24, 2012 by waliedassar

1 follower
3 replies
7.8k views

My lastest blog post where i discuss in detail the topic of hiding threads from debuggers. http://waleedassar.b...-debuggers.html Have fun.

Last reply by waliedassar, November 26, 2012

SuppressDebugMsg As Anti-Debug Trick

November 25, 2012 by waliedassar

1 reply
4.9k views

My latest blog post where i explain a new anti-debug trick. http://waleedassar.blogspot.com/2012/11/suppressdebugmsg-as-anti-debug-trick.html Have fun

Last reply by Teddy Rogers, November 25, 2012

WWII Cipher yet to be cracked

November 23, 2012 by chickenbutt

0 replies
5.1k views

Thought some people would find this interesting />http://www.bbc.co.uk/news/uk-20456782

Last reply by chickenbutt, November 23, 2012

OllyDbg RaiseException Bug

November 18, 2012 by waliedassar

1 reply
5.4k views

Another OllyDbg bug. http://waleedassar.blogspot.com/2012/11/ollydbg-raiseexception-bug.html

Last reply by quosego, November 18, 2012

Defeating Memory Breakpoints

November 12, 2012 by waliedassar

1 reply
4.7k views

My latest blog post where i explain two anti-Memory-Breakpoints tricks. http://waleedassar.b...reakpoints.html Any comments or ideas are very welcome

Last reply by RustyNail, November 13, 2012

Sophail: Applied attacks against Sophos Antivirus

November 5, 2012 by deepzero

3 replies
5.4k views

https://lock.cmpxchg8b.com/sophailv2.pdfThat`s some nice stuff, right there. :S

Last reply by Teddy Rogers, November 9, 2012

SizeOfStackReserve As Anti-Attaching Trick

November 6, 2012 by waliedassar

0 replies
4.5k views

My latest blog post where i explain a new anti-attaching trick. http://waleedassar.blogspot.com/2012/11/sizeofstackreserve-as-anti-attaching.html Any comments or ideas are very welcome

Last reply by waliedassar, November 6, 2012

Virtual PC 2007 Detection Tricks

October 29, 2012 by waliedassar

3 replies
4.9k views

My latest blog post about Virtual PC detection Virtual PC Machine Reset: http://waleedassar.b...hine-reset.html Virtual PC vs. Resume Flag: http://waleedassar.b...esume-flag.html Virtual PC vs. DR7: http://waleedassar.b...-pc-vs-dr7.html Virtual PC vs. CPUID: http://waleedassar.blogspot.com/2012/10/virtual-pc-vs-cpuid.html Still more tricks on the way. Have fun.

Last reply by waliedassar, October 30, 2012

Cross-VM Side Channels and Their Use to Extract Private Keys...

October 28, 2012 by Teddy Rogers

0 replies
4.6k views

I found this a very interesting paper on recovering information from resident neighboring virtual machines using side channels attacks. Whilst this is technically for a very specific attack it could possibly be explored further and exploited over time... http://www.cs.unc.ed...rs/2012/CCS.pdf Ted.

Last reply by Teddy Rogers, October 28, 2012

PAGE_EXECUTE_WRITECOPY As Anti-Debug Trick

September 28, 2012 by waliedassar

10 replies
7.5k views

Here you can find it http://waleedassar.blogspot.com/2012/09/pageexecutewritecopy-as-anti-debug-trick.html Any ideas or comments are more than welcome.

Last reply by ghandi, October 18, 2012

Magazine about software reverse engineering

September 14, 2012 by WojciechBusz

5 replies
6k views

I just want to let you know about the upcoming issue of Software Developer's Journal. SDJ is an on-line magazine aimed at programmers. The upcoming series of issues will be devoted to software reverse engineering (IDA, OllyDbg, malware reversing etc.). You can download a free teaser here: http://sdjournal.org/pre-purchase-the-upcoming-issue-of-sdj-and-learn-how-to-reverse-engineer/ The first issue of the series will be live on September 22nd.

Last reply by data_sniper, September 16, 2012

Anti-Dumping - Part 3

September 8, 2012 by waliedassar

9 replies
6.5k views

Here you can find it. http://waleedassar.blogspot.com/2012/09/anti-dumping-part-3.html Comments and ideas are very welcome.

Last reply by waliedassar, September 9, 2012

Common misconceptions of password cracking...

August 23, 2012 by Teddy Rogers

0 replies
4.5k views

Common Misconceptions of Password Cracking />http://erratasec.blogspot.com.au/2012/08/common-misconceptions-of-password.html Ted.

Last reply by Teddy Rogers, August 23, 2012

Modifying Binaries Tutorial

August 1, 2012 by R4ndom

2 replies
5.3k views

I have just completed a tutorial called "The Never Ending Program". It allows you to hijack an application and every time the user tries to close it, a custom message box will pop up, and the app will not close. />http://thelegendofrandom.com/blog/archives/1347

Last reply by aSh, August 15, 2012

TastenTrick - Legally "crack" this software for your own usage

July 30, 2012 by Teddy Rogers

0 replies
5.1k views

Christian Deneke, the author of a piece of software called TastenTrick which, allows you to take notes has allowed reverse engineers to legally crack his program. You can find a download of TastenTrick here... http://tastentrick.de/download Please remember even though he said it is free to crack lets respect good software and support developers... Ted.

Last reply by Teddy Rogers, July 30, 2012

User-mode System Call Hooking

July 28, 2012 by waliedassar

2 replies
5.4k views

Here you can find my two posts about implementing system calls hooks from user-mode in Wow64 processes and native x86 processes: http://waleedassar.b...ls-hooking.html http://waleedassar.b...stem-calls.html

Last reply by waliedassar, July 28, 2012

2 days of Intro RE class videos posted

July 10, 2012 by xsk

0 replies
6.3k views

We have released 2 days of videos covering how to use IDA Pro to reverse the same CMU Binary Bomb lab that we cover in our Intro x86 assembly language class (where you have no tools more sophisticated than gdb.) The class also covers things such as how you can tell when an application is extracting data from its resources, inferring structure and C++ class definitions, and generally how C++ constructs such as classes, constructors/destructors, and virtual function tables manifest themselves in assembly. You can find the class page here: http://www.OpenSecur...ngineering.html But I would like to get your opinions and feedback on another matter. If you would kin…

Last reply by xsk, July 10, 2012

Hacking .NET(C#) Applications: The Black Arts (v2)

July 2, 2012 by Soro

0 replies
5.2k views

This presentation will cover the Black Arts of making Cracks, KeyGens, Malware, and more. The information in this presentation will allow a .NET programmer to do unspeakable things .NET applications. I will cover the life cycle of developing such attacks and over coming common countermeasures to stop such attacks. New tools to assist in the attacks will be supplied. This presentation will focus on C# but applies to any application based on the .NET framework. http://www.youtube.com/watch?v=HKIR3yLGfHY

Last reply by Soro, July 2, 2012

IDA Pro CodeView Parsing Bug

June 30, 2012 by waliedassar

0 replies
5.4k views

In this post i will share with you another bug that i have found in IDA. This one is different from the previous one in that: 1) It is in code responsible for parsing CodeView debug info. 2) It crashes the current IDA instance with a minidump. While trying to figure out how IDA reads various debug info, i found that old CodeView formats are also supported by IDA (Also, the demo version). So, i decided to give it a shot and try to find anything useful inside. Understanding the CodeView format was also kept in mind. Code responsible for reading various debug info lies within dbg.ldw, a dynamic link library that resides in the "loaders" directory. Since the CodeView for…

Last reply by waliedassar, June 30, 2012

IDA Pro COFF Debug Info Parsing Bug

June 22, 2012 by waliedassar

2 replies
5.6k views

In this post i will share something that may be considered as a bug in IDA. The bug is as follows: If we manipulate the value of the "NumberOfSymbols" field in the "IMAGE_COFF_SYMBOLS_HEADER" structure, we can force IDA to abort processing the whole PE and quickly terminate. When manipulating this field, just make sure to set a compatible value for the "SizeOfData" field in the "IMAGE_DEBUG_DIRECTORY" structure and also have a compatible file size by appending null bytes to the file end. When calculating the required memory size for symbol entries using the spoofed value, IDA detects an overflow. After clicking the ok button in the image above, IDA quickly termin…

Last reply by waliedassar, June 22, 2012

RECon 2012 - Material of our talk (Anti-DBI)

June 21, 2012 by NCR

0 replies
4.1k views

Hello all, slides and tools (binaries+source code) of the talk we gave at RECon with @fdfalcon are availabe. Enjoy!.

Last reply by NCR, June 21, 2012

Sign In