Category Archives: Reversing

Windows Process name hashes – List 1


Posted in Malware, Malware Analyzer, Reversing, Shellcode, Windows

IDA Pro 6.3 and MyNav Plugin

If you are trying to use the MyNav plugin with IDA Pro 6.3, you will face an issue while debugging. You need to apply a few line changes to the code. Here is the patch you need to apply to mynav.py …

Posted in IDA Pro, Reversing

Assembly language programming using Visual Studio 2010

Recently we faced the issue of including assembly code in a project. After a lot of Googling we got the following links. Just sharing these links.

http://stackoverflow.com/questions/2839710/how-to-inline-assembler-in-c-under-visual-studio-2010
http://msdn.microsoft.com/en-us/library/26td21ds%28v=VS.80%29.aspx
http://www.deconflations.com/2011/masm-assembly-in-visual-studio-2010/
http://oradim.blogspot.in/2009/03/jmp-around-win64-with-ml64exe-and.html
http://msdn.microsoft.com/en-us/magazine/cc300794.aspx
http://blogs.msdn.com/b/oldnewthing/archive/2004/01/14/58579.aspx

Posted in C/C++, Reversing, Windows, Windows VC++

IDA Toolbag by Aaron Portnoy

Those who are in the reversing field should try this: https://github.com/aaronportnoy/toolbag

Posted in Binary Auditing, IDA Pro, Reversing

IDC Script - Create Unicode String

//
//    This idc adds shortcuts to create unicode strings.
//
#include <idc.idc>

static main()
{
    // Bind Shift+U to createunicodestring() at the current EA
    DelHotkey("Shift+U");
    AddHotkey("Shift+U", "createunicodestring");
    Message("Press Shift+U @ EA to create unicode string\n");
    Message("Registered idc functions\n");
}

// http://www.hex-rays.com/products/ida/support/freefiles/ldrmodules.idc
static MakeNameWithType(ea, type)
{
    auto old_type;
    // Save the current default string type and switch to the requested one
    old_type = GetLongPrm(INF_STRTYPE);
    SetLongPrm(INF_STRTYPE, type);
    …

Posted in IDA Pro, Reversing

Immunity Debugger Pycommand – listhooked

A simple PyCommand to list the hooked library functions. It goes through every loaded module, gets the list of exported functions, and checks whether there is a jmp instruction at the start of each function. …

Posted in Reversing

Patch symbols in a VxWorks image

A simple script that will populate the symbol information in a VxWorks image. You may need to change it a bit (uncomment some lines) to make it work. Here is the IDAPython script.

import idc, sys, string
from idaapi import *
# make sure you …

Posted in IDA Pro, Reversing, Vxworks

Shellcode Detection Tool

Recently I got a chance to visit a link that was sent by one of my friends. It claims to detect shellcode in a file. So I decided to look into it because the original author didn't share any technical …

Posted in Reversing, Shellcode

Reversing a VxWorks image

Steps
1. Find out the size of the header in the VxWorks file. (I removed 32 bytes of header.)
2. Find out the rebase address of the program. (The rebase address was at offset 0x14 to 0x17.) You can get it from …

Posted in Reversing, Vxworks

Get the list of Hooked library functions

Most library hooking mechanisms use inline patching. Most of the time an x86 "jmp" instruction is used to hook the first instruction of the function. Here is a simple Immunity Debugger script to find those hooked functions.

import pefile …

Posted in python, Reversing