Category Archives: Reversing
Windows Process name hashes – List 1
IDA Pro 6.3 and MyNav Plugin
If you are trying to use the MyNav plugin with IDA Pro 6.3, you will face an issue while debugging. You need to apply a few line changes in the code. Here is the patch you need to apply to mynav.py …
Assembly language programming using visual studio 2010
Recently we faced the issue of including assembly code in a project. After a lot of Googling we got the following links. Just sharing these links.
http://stackoverflow.com/questions/2839710/how-to-inline-assembler-in-c-under-visual-studio-2010
http://msdn.microsoft.com/en-us/library/26td21ds%28v=VS.80%29.aspx
http://www.deconflations.com/2011/masm-assembly-in-visual-studio-2010/
http://oradim.blogspot.in/2009/03/jmp-around-win64-with-ml64exe-and.html
http://msdn.microsoft.com/en-us/magazine/cc300794.aspx
http://blogs.msdn.com/b/oldnewthing/archive/2004/01/14/58579.aspx
IDA Toolbag by Aaron Portnoy
Those who are in the reversing field should try this. https://github.com/aaronportnoy/toolbag
IDC Script- Create Unicode String
//
// This idc adds shortcuts to create unicode strings.
//
#include <idc.idc>

static main()
{
    DelHotkey("Shift+U");
    AddHotkey("Shift+U", "createunicodestring");
    Message("Press Shift+U @ EA to create unicode string");
    Message("Registered idc functions");
}

// http://www.hex-rays.com/products/ida/support/freefiles/ldrmodules.idc
static MakeNameWithType(ea, type)
{
    auto old_type;
    old_type = GetLongPrm(INF_STRTYPE);
    SetLongPrm(INF_STRTYPE, type);
    …
Patch symbols in a VxWorks image
Simple script that will populate the symbol information in a VxWorks image. You may need to change it a bit (uncomment some lines) to make it work. Here is the IDAPython script.
import idc, sys, string
from idaapi import *
# make sure you …
Shellcode Detection Tool
Recently I got a chance to visit a link that was sent by one of my friends. It claims to detect shellcode in a file. So I decided to look into it because the original author didn't share any technical …
Reversing Vxworks image
Steps
- Find out the size of the header in the VxWorks file. (I removed 32 bytes of header.)
- Find out the rebase address of the program. (The rebase address was at offset 0x14 to 0x17.) You can get it from …
Get the list of Hooked library functions
Most library hooking mechanisms use inline patching. Most of the time they use an x86 "jmp" instruction to hook the first instruction of the function. Here is a simple Immunity Debugger script to find those hooked functions.
import pefile
…