Lenas Reversing for Newbies [ Nice collection of tutorials aimed particularly at newbie reverse engineers... ]
Reversing for Newbies 09
Author Lena
Author website http://www.tuts4you.com/forum/index.php?showforum=41
Description Explaining the Visual Basic concept, introduction to SmartCheck and configuration
Filesize 3.01 MB
Date Friday 01 September 2006 - 19:27:39
Downloads 22465
Rating 9.4 - 10 votes
Comments
Reversing for Newbies 09 Conny | 11 May : 15:19
Guest
Lena! Great job! Excellent Tuts!! Better than Sandman in the past, really!!

[ edited 13 May : 12:31 ]

Reversing for Newbies 09 $DASH$ | 09 Dec : 05:50
Guest
Thanks Lena, I was looking for this for ages.

Reversing for Newbies 09 Nerox | 20 Jan : 09:40
Guest
Can somebody help me? My code in Olly looks other than Lena's, and so most of it is not understandable.

Reversing for Newbies 09 STN | 21 Jan : 05:41
Guest
Obviously, addresses will be different but the instruction will be the same. Or do you have some other problem?!

Reversing for Newbies 09 Nerox | 24 Jan : 09:13
Guest
My problem is that Lena set BPs at the beginning (in the tut, 78) and for me 88 BPs were set, and the next lines of code where the tut is running are some others, so I couldn't find the point myself and so I could not solve this part myself.

Reversing for Newbies 09 Nerox | 24 Jan : 13:11
Guest
Part solved. In consequence of my 88 BPs I must jump 2 jumps.

Reversing for Newbies 09 opo | 29 Jan : 21:45
Guest
Hello, I managed to get to this lesson but can't find a good version of SmartCheck to download. I have one but it doesn't want to install. I need a link for that, please.

Re: Reversing for Newbies 09 noks | 06 Feb : 16:17
Guest
this one doesn't seem to work on mine..!

whenever I enter my 'personalised' serial key (which funnily enough happened to also be the serial in Lena's SmartCheck section) the program says it's successful but 2 seconds after clicking OK, the registration thing comes up again, I enter the serial, click ok, same thing happens again!

Did anyone else have this problem? Or is it just my laptop!?


and 'opo', I downloaded mine from here:
http://www.fullandfree.info/software/numega-smart-check-v62-build-1286/

Reversing for Newbies 09 guest | 07 Sep : 10:35
Guest
I am doing something strange, perhaps. When I click the run button nothing happens. I have configured SmartCheck as per lena151's tut. My application is in VB5.
Why am I getting blank space with no events?
Help, if you please. I have googled for this but without success.

Reversing for Newbies 09 one1 | 19 Jan : 22:11
Guest
This was absolutely the worst tutorial seen in this series so far.
As string referencing won't help anyone in more complex schemes, so wouldn't the API referencing technique.
This is absolutely a once in a.. chance of finding the serial routine.
This won't lead to any deep understanding of the substance
but rather to confusion and lack of clarity it will.

Reversing for Newbies 09 one1 | 20 Jan : 14:20
Guest
On that subject, note SmartCheck's handling, which is much more efficient and actually enskilling!

Reversing for Newbies 09 Adicus | 25 Jul : 00:40
Guest
I thought this was a really slick tut. In all actuality, it may or may not be this easy on other applications but it's nice to know these "tricks". I even made a notepad .txt about the vba stuff just in case. My "Unicode" "key" worked like a charm!
On another note, when I was looking for Smart Check I eventually found a .rar file to download from a freeware site (one of the first few available after Googling). Thankfully I scanned before opening it as it apparently had a Trojan %-6 hiding in it. THANK YOU FOR THESE GREAT QUALITY TUTORIALS LENA! I AM LEARNING SOOO MUCH!

Reversing for Newbies 09 DistortioN | 05 Feb : 18:40
Guest
Hi, first of all I would like to thank you for your great work on these tuts. It must not have been easy for you writing these since you are Dutch, right? (I'm too, and I see your Windows is in Dutch so :p) But I have some trouble with SmartCheck: for all programs I try to open I get an application error... I thought maybe it had something to do with the app so I jumped to the next tut as you said we were going to do some more.. but I get the same errors. Also it opens 2 instances of the program? I wanted to upload a screenshot ... but it seems I'm not allowed ... :s I get the error: the application was unable to start correctly (0x00000005). Click OK to close the application.
Also it loads some DLLs:

  • CREATE_PROCESS: 00400000
    LOAD_DLL base:776D0000 ntdll.dll
    LOAD_DLL base:75B20000 KERNEL32.dll
    LOAD_DLL base:75AD0000 KERNELBASE.dll
    LOAD_DLL base:00290000
    LOAD_DLL base:75F40000 USER32.dll
    LOAD_DLL base:76040000 GDI32.dll
    LOAD_DLL base:77820000 LPK.dll
    LOAD_DLL base:75C00000 USP10.dll
    LOAD_DLL base:76110000 msvcrt.dll
    LOAD_DLL base:76350000 ADVAPI32.dll
    LOAD_DLL base:76260000 SECHOST.dll
    LOAD_DLL base:75E90000 RPCRT4.dll
    LOAD_DLL base:764F0000 OLEAUT32.dll
    LOAD_DLL base:773D0000 ole32.dll
    LOAD_DLL base:74D20000 VERSION.dll
    LOAD_DLL base:758D0000 COMCTL32.dll
    LOAD_DLL base:76780000 SHELL32.dll
    LOAD_DLL base:77830000 SHLWAPI.dll
    LOAD_DLL base:72180000 WSOCK32.dll
    LOAD_DLL base:761C0000 WS2_32.dll
    LOAD_DLL base:778F0000 NSI.dll
    EXIT_PROCESS


http://img522.imageshack.us/img522/4816/screencapturegj.jpg

But as you see ... no msvbvm50.dll or msvbvm60.dll. I'm a complete noob at this, but isn't it supposed to load one of those DLLs too, since it's in VB and, like you said, almost everything in VB runs through the DLL, right?

Sorry for the above spam, hope to get an answer on this xD

Reversing for Newbies 09 lena151_ | 10 Feb : 19:29
Guest
Either there must be something wrong with your settings or it's a problem with a newer Windows?
BTW, SmartCheck has become kind of obsolete nowadays since there is no more VB (it's .NET now). So, see it like a "For old times' sake" exercise ;)

Success!

lena151.

Reversing for Newbies 09 Somebody | 18 Feb : 06:16
Guest
This tut is about a NATIVE-compiled app, not a P-CODE app, right?

Reversing for Newbies 09 DistortioN | 25 Feb : 15:41
Guest
Thanks for your reply Lena, it must be something with my windows 7 I think, because I have formatted my C drive and tried it again later on (it had to be formatted anyway so) but same results.

Grtz

Reversing for Newbies 09 doggy | 03 Apr : 13:45
Guest
I'm having same problem with win7, except app crashes after LOAD_DLL base:[something] KERNELBASE.dll.

Reversing for Newbies 09 doggy | 09 Apr : 13:39
Guest
It's working fine on XP though

Reversing for Newbies 09 Lucky | 20 May : 14:10
Guest
Yeah, it's because of Windows 7, damn!!

And also thanks Lena, your tuts are awesome!


Latest Downloads
(Virtualization / Virtual Machines:)
A Comparison of Software and Hardware Techniques for x86 Virtualization
Author: Keith Adams + Ole Agesen
Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. Virtual Machine Monitors for x86, such as VMware Workstation and Virtual PC, have instead used binary translation of the guest kernel code. However, bot [more...]
Date: 28 Aug : 12:03
Filesize: 129.96 kb
Total Downloads: 80

(Cryptography / Algorithms:)
All-out Attacks or How to Attack Cryptography Without Intensive Cryptanalysis
Author: Jean-Baptiste Bedrune + Eric Filiol + Frédéric Raynal
This article deals with operational attacks leaded against cryptographic tools. Problem is approached from several point of view, the goal being always to retrieve a maximum amount of information without resorting to intensive cryptanalysis. Therefor [more...]
Date: 28 Aug : 12:02
Filesize: 5.26 mb
Total Downloads: 159

(Obfuscation / Deobfuscation:)
Applied Binary Code Obfuscation
Author: Nicolaou George + Glafkos Charalambous
An obfuscated code is the one that is hard (but not impossible) to read and understand. Sometimes corporate developers, programmers and malware coders for security reasons, intentionally obfuscate their software in an attempt to delay reverse enginee [more...]
Date: 28 Aug : 12:01
Filesize: 866.52 kb
Total Downloads: 112

(Obfuscation / Deobfuscation:)
Automatic Binary Deobfuscation
Author: Yoann Guillot + Alexandre Gazet
This paper gives an overview of our research in the automation of the process of software protection analysis. We will focus more particularly on the problem of obfuscation. Our current approach is based on a local semantic analysis, which aims t [more...]
Date: 28 Aug : 11:59
Filesize: 437.38 kb
Total Downloads: 66

(Reverse Code Engineering:)
In Memory Reverse Engineering for Obfuscated Python Bytecode
Author: Rich Smith
Growing numbers of commercial and closed source applications are being developed using the Python programming language. The trend with developers of such applications appears to be that there is an increasing amount of effort being invested in order [more...]
Date: 28 Aug : 11:56
Filesize: 204.31 kb
Total Downloads: 31

(Obfuscation / Deobfuscation:)
Loco: An Interactive Code Deobfuscation Tool
Author: Matias Madou + Ludo Van Put + Koen De Bosschere
This paper presents LOCO, a graphical, interactive environment to experiment with code obfuscation and deobfuscation transformations, which can be applied automatically, semi-automatically and by hand. LOCO is an extension of the multi-platform visua [more...]
Date: 28 Aug : 11:55
Filesize: 291.85 kb
Total Downloads: 45

(Cryptography / Algorithms:)
Non-Black-Box Techniques in Cryptography
Author: Boaz Barak
The American Heritage dictionary defines the term “Black-Box” as “A device or theoretical construct with known or specified performance characteristics but unknown or unspecified constituents and means of operation.” In the context of Com [more...]
Date: 28 Aug : 11:55
Filesize: 1.1 mb
Total Downloads: 20

(Portable Executable Format (PE):)
Portable Executable File Format – A Reverse Engineer View
Author: Goppit
This tutorial aims to collate information from a variety of sources and present it in a way which is accessible to beginners. Although detailed in parts, it is oriented towards reverse code engineering and superfluous information has been omitted. Yo [more...]
Date: 28 Aug : 11:53
Filesize: 7.82 mb
Total Downloads: 129

(Obfuscation / Deobfuscation:)
Reverse Engineering Obfuscated Code
Author: Sharath K. Udupa + Saumya K. Debray + Matias Madou
In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for [more...]
Date: 28 Aug : 11:52
Filesize: 130.18 kb
Total Downloads: 49

(Obfuscation / Deobfuscation:)
Unpacking Virtualization Obfuscators
Author: Rolf Rolles
Nearly every malware sample is sheathed in an executable protection which must be removed before static analyses can proceed. Existing research has studied automatically unpacking certain protections, but has not yet caught up with many modern techni [more...]
Date: 28 Aug : 11:51
Filesize: 125.06 kb
Total Downloads: 52

(Obfuscation / Deobfuscation:)
Using Optimization Algorithms for Malware Deobfuscation
Author: Branko Spasojevic
Analysis of malware binaries is constantly becoming more difficult with introduction of many different types of code obfuscators. One common theme in all obfuscators is transformation of code into a complex representation. This process can be viewed [more...]
Date: 28 Aug : 11:50
Filesize: 762.78 kb
Total Downloads: 16

(Debuggers / Debugging:)
Virt-ICE: Next-Generation Debugger for Malware Analysis
Author: Nguyen Anh Quynh + Kuniyasu Suzaki
Dynamic malware analysis is an important method to analyze malware. The most important tool for dynamic malware analysis is debugger. However, because debuggers are originally built by software developers to debug legitimate software, they have some [more...]
Date: 28 Aug : 11:48
Filesize: 143.87 kb
Total Downloads: 81

(IDA Plugins:)
IDA Stealth 1.3.1
Author: Jan Newger
IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the proce [more...]
Date: 27 Aug : 22:23
Filesize: 793.79 kb
Total Downloads: 1493

(OllyDbg Plugins:)
StrongOD 0.3.6.650
Author: 海风月影
Make your OllyDbg Strong! This plug-in provides three kinds of ways to initiate the process: 1, Normal - And the same manner as the original start, the STARTUPINFO inside unclean data 2, CreateAsUser - User with a mandate to initiate the proc [more...]
Date: 24 Aug : 07:47
Filesize: 260.82 kb
Total Downloads: 8499

(IAT / PE Rebuilding:)
Imports Fixer 1.5a (Public Beta)
Author: SuperCRacker
Imports Fixer (abbreviated to IF hereafter) has been specifically created to assist in the process of rebuilding and reconstructing portable executable files found in memory. IF has been designed to rebuild imports for Win32 Portable Executable and D [more...]
Date: 24 Aug : 07:39
Filesize: 848.24 kb
Total Downloads: 846

(Binary Analysis / Editing:)
BinDiff 3.2 (Public Beta)
Author: Zynamics
Do you need to analyze multiple variations of essentially the same program? Do you need to understand the changes between two versions of a program? Are you trying to detect code theft? Zynamics BinDiff uses a unique graph-theoretical approach to a [more...]
Date: 18 Aug : 07:04
Filesize: 498.33 kb
Total Downloads: 237

(Cryptography Tools:)
YAFU 1.19.2
Author: Ben Buhrow
This code is the result of several's years effort to learn more about integer factorization, arbitrary precision arithmetic, C programming, memory and cpu speed optimizations. It's freely available to anyone that wants to use it. I provid [more...]
Date: 18 Aug : 06:52
Filesize: 3.12 mb
Total Downloads: 250

(Keygenning / Serial Fishing:)
An Exercise in RSA Reversal (RSA128 + MD5)
Author: Office Jesus
Hi and welcome to another Office Jesus tutorial. I just want to go ahead and say that if you are an ABSOLUTE beginner with no experience debugging or coding (Delphi in this case), you should NOT read this tutorial! I recommend watching Lena151's [more...]
Date: 06 Aug : 10:08
Filesize: 1.25 mb
Total Downloads: 339

(Binary Analysis / Editing:)
VxClass 1.1
Author: Zynamics
Based on the same ideas and algorithms that made zynamics BinDiff great, zynamics VxClass can structurally compare executables and thus ignore byte-level changes such as instruction reordering or string obfuscation. Small changes in the code or chang [more...]
Date: 03 Aug : 08:07
Filesize: 2.39 mb
Total Downloads: 85

(Binary Analysis / Editing:)
BinNavi 3.0
Author: Zynamics
BinNavi is a platform-independent integrated reverse engineering environment that helps you dissect and analyze binary files. You can use it to discover new vulnerabilities in closed-source software, to analyze the latest piece of malware you found w [more...]
Date: 03 Aug : 07:43
Filesize: 301.71 kb
Total Downloads: 126

(Miscellaneous Papers:)
One Great Way To Get More Effecient Solar Power For Batteries
Author: Sophia H. Walker
University of southern California experts indicate us a more effective use of graphene solar panels Is it possible to imagine people powering their mobile phone or music/video device while jogging in the sun? A University of Southern Californ [more...]
Date: 31 Jul : 23:40
Filesize: 144.49 kb
Total Downloads: 33

(Cryptography Tools:)
Msieve 1.46 + GUI 1.1
Author: Jason Papadopoulos + Anogrganix
Factoring is the study (half math, half engineering, half art form) of taking big numbers and expressing them as the product of smaller numbers. If I find out 15 = 3 * 5, I've performed an integer factorization on the number 15. As the number to [more...]
Date: 31 Jul : 23:26
Filesize: 1.25 mb
Total Downloads: 5081

(IDA Plugins:)
MyNav 1.0
Author: Joxean Piti
MyNav is a plugin for IDA Pro to help reverse engineers in the most typical task like discovering what functions are responsible of some specifical tasks, finding paths between "interesting" functions and data entry points. Features: [more...]
Date: 31 Jul : 09:47
Filesize: 13.7 kb
Total Downloads: 73

(Java Reversing:)
A Practical Method for Watermarking Java Programs
Author: [ Various Authors ]
Java programs distributed through Internet are now suffering from program theft. It is because Java programs can be easily decomposed into reusable class files even decompiled into source code by program users. In this paper we propose a practical [more...]
Date: 31 Jul : 09:40
Filesize: 58.5 kb
Total Downloads: 73

(Software Testing and Binary Static Analysis:)
An Analysis of Black-Box Web Vulnerability Scanners
Author: Adam Doupé + Marco Cova + Giovanni Vigna
Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as “point-and-click pentesting” tools that automatically evaluate the security of web appli [more...]
Date: 31 Jul : 09:39
Filesize: 167.24 kb
Total Downloads: 71

(Malware / Security Analysis:)
DEP/ASLR Implementation Progress in Popular Third-party Windows Applications
Author: Alin Rad Pop
Vulnerabilities that corrupt memory typically result in the execution of arbitrary code by redirecting the program flow to a writable memory area containing instructions defined by an attacker. DEP (Data Execution Prevention) is a generic defensi [more...]
Date: 31 Jul : 09:36
Filesize: 108.06 kb
Total Downloads: 57

(Software Testing and Binary Static Analysis:)
A Technique for Automated Software Debugging
Author: Cristian Zamfir + George Candea
Debugging real systems is hard, requires deep knowledge of the code, and is time-consuming. Bug reports rarely provide sufficient information, thus forcing developers to turn into detectives searching for an explanation of how the program could have [more...]
Date: 31 Jul : 09:34
Filesize: 237.58 kb
Total Downloads: 86

(Reverse Code Engineering:)
Theories and Methods of Code-Caves
Author: Faldo
Since many have read my tutorial on basic memory hacking and got stuck on the creation of code-caves, I’ve decided to make a short follow-up on some code-cave techniques where I’ll explain the WHYs and the HOWs. Archive also contains "The [more...]
Date: 31 Jul : 09:32
Filesize: 744.53 kb
Total Downloads: 306

(Software Testing and Binary Static Analysis:)
Discovering Variables in Executables
Author: Gogul Balakrishnan + Thomas Reps
This paper addresses the problem of recovering variable-like entities when analyzing executables in the absence of debugging information. We show that variable-like entities can be recovered by iterating Value-Set Analysis (VSA), a combined numeric-a [more...]
Date: 28 Jul : 09:01
Filesize: 244.87 kb
Total Downloads: 121

(Malware / Security Analysis:)
BerBoToss Analysis
Author: Strelitzia
The threat of malicious software can easily be considered as the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, [more...]
Date: 28 Jul : 09:01
Filesize: 335.2 kb
Total Downloads: 86

(IDA Plugins:)
IDAPython 1.4.1
Author: Gergely Erdélyi + Elias Bachaalany
IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro. These programs have access to IDA Plugin API, IDC and all modules available for Python. The power of IDA Pro and Python provides a pla [more...]
Date: 28 Jul : 08:56
Filesize: 2.26 mb
Total Downloads: 401

(Malware / Security Analysis:)
Inference and Analysis of Formal Models of Botnet
Author: [ Various Authors ]
We propose a novel approach to infer complete protocol state machines in realistic high-latency network setting, and apply it to the analysis of botnet C&C protocols. Our proposed techniques enable an order of magnitude reduction in the number of que [more...]
Date: 28 Jul : 08:46
Filesize: 407.77 kb
Total Downloads: 102

(Software Testing and Binary Static Analysis:)
Input Generation via Decomposition and Re-Stitching
Author: [ Various Authors ]
Attackers often take advantage of vulnerabilities in benign software, and the authors of benign software must search their code for bugs in hopes of finding vulnerabilities before they are exploited. But there has been little research on the c [more...]
Date: 28 Jul : 08:43
Filesize: 199.46 kb
Total Downloads: 39

(Malware / Security Analysis:)
Kernel Malware - The Attack from Within
Author: Kimmo Kasslin
The Kernel is the heart of modern operating systems. Code executing in kernel mode has full access to all memory including the kernel itself, all CPU instructions, and all hardware. For this obvious reason only the most trusted software should be all [more...]
Date: 28 Jul : 08:41
Filesize: 615.62 kb
Total Downloads: 189

(Programming / Coding:)
Kernel-22
Author: Mike McCarl
The idea of spoofing DLLs is not new. It is a technique used for analysis tools as well as malicious programs. By offering the same set of functions as another DLL, a calling program can unknowingly provide the means to load and execute alternate code [more...]
Date: 28 Jul : 08:38
Filesize: 379.27 kb
Total Downloads: 99

(Keygenning / Serial Fishing:)
Keygenning Deurus KeygenMe02
Author: GioTiN
This KeygenMe is coded in Microsoft VC++ 6.0 (you can check with PeiD ) and not use of Hash Crypto's (you can check via KANAL Plugin in PeiD). In this KeygenMe we need to solve 2 algorithms so I have decided to explain all the steps to you.
Date: 28 Jul : 08:34
Filesize: 751.15 kb
Total Downloads: 105

(Portable Executable Format (PE):)
New Approach of Hidden Data in the Portable Executable File
Author: [ Various Authors ]
The rapid development of multimedia and internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information. In additional, digital document is also easy to copy and distribute, theref [more...]
Date: 28 Jul : 08:33
Filesize: 177.95 kb
Total Downloads: 101

(Unpacking Tutorials:)
PEX 0.99 (Unpacking)
Author: ChessGod101
After reading a post about a PEX 0.99 unpacker, I was anxious to learn more about the packer itself. After locating a download for PEX, I decided to protect a random file in my computer to see it's potential. After five minutes of probing I dump [more...]
Date: 28 Jul : 08:31
Filesize: 1.2 mb
Total Downloads: 94

(Software Testing and Binary Static Analysis:)
Predicate Abstraction
Author: Satyaki Das
Designing basic protocols, used in networking, security and multiprocessor systems is hard. All of these have to deal with concurrency, that is the actions of multiple agents in parallel. This makes their design error-prone since all possible interac [more...]
Date: 28 Jul : 08:27
Filesize: 339.87 kb
Total Downloads: 27

(Software Testing and Binary Static Analysis:)
Proving Memory Safety of Floating-Point Computations
Author: Patrice Godefroid + Johannes Kinder
Whitebox fuzzing is a novel form of security testing based on dynamic symbolic execution and constraint solving. Over the last couple of years, whitebox fuzzers have found many new security vulnerabilities (buffer overflows) in Windows and Linux appli [more...]
Date: 28 Jul : 08:23
Filesize: 1.62 kb
Total Downloads: 24

Copyright (C) 2003 - 2010 by Tuts 4 You