Category Archives: Reversing
/Be appears to spit out a makefile snippet that contains the recipe to reproduce a given run of cl.exe. It takes variables into account. Check it out: all: @cd D:\17.7.5\x64 @set INCLUDE= @set LIB= @set LIBPATH= @set CL=/nologo /utf-8 … Continue reading
Some ongoing research. For obvious reasons I can only share results and tools, but not actual sample data.
Find it on GitHub: assarbad/some-latex/releases/tag/v1.0-ida-cheat-sheet. The LaTeX source can be found in the repository itself.
Just a reminder to myself. Edit cfg/pe.cfg inside the IDA installation folder to configure the PE loader to load all sections: // Always load all sections of a PE file? // If no, sections like .reloc and .rsrc are skipped … Continue reading
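As an added example (my own script, not something from the original post or from Hex-Rays): a small helper that rewrites the option in cfg/pe.cfg without disturbing the surrounding comments, and appends the line if the key is absent. The key name PE_LOAD_ALL_SECTIONS is an assumption taken from the comment quoted above; compare it with the pe.cfg that ships with your IDA version before running it against the real file, and keep a backup.

```python
import re
import sys

# Constructed sample: the two comment lines quoted above plus the option they
# describe. The key name PE_LOAD_ALL_SECTIONS is assumed here; check it against
# the cfg/pe.cfg shipped with your IDA release.
SAMPLE_PE_CFG = """\
// pe.cfg (constructed excerpt)
// Always load all sections of a PE file?
// If no, sections like .reloc and .rsrc are skipped
PE_LOAD_ALL_SECTIONS = NO
"""

# IDA cfg lines are "KEY = VALUE", optionally followed by a // comment.
# Lines starting with // never match because the key must start with a word character.
_OPTION_RE = re.compile(
    r"^(?P<indent>\s*)(?P<key>[A-Za-z0-9_]+)(?P<sep>\s*=\s*)"
    r"(?P<value>[^/\n]*?)(?P<rest>\s*(?://.*)?)$"
)


def get_cfg_option(text, key):
    """Return the value of KEY, or None if the line is absent or commented out."""
    for line in text.splitlines():
        m = _OPTION_RE.match(line)
        if m and m.group("key") == key:
            return m.group("value").strip()
    return None


def set_cfg_option(text, key, value):
    """Rewrite KEY = value in place (keeping indentation, spacing and trailing
    comment); append a fresh line if the key is not present."""
    out, done = [], False
    for line in text.splitlines():
        m = _OPTION_RE.match(line)
        if m and m.group("key") == key and not done:
            line = f"{m.group('indent')}{key}{m.group('sep')}{value}{m.group('rest')}"
            done = True
        out.append(line)
    if not done:
        out.append(f"{key} = {value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python pe_cfg.py /path/to/ida/cfg/pe.cfg  (edits the file in place)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_PE_CFG
    updated = set_cfg_option(text, "PE_LOAD_ALL_SECTIONS", "YES")
    if path:
        open(path, "w", encoding="utf-8").write(updated)
    print(updated, end="")
```

Run without arguments it prints the rewritten sample; with a path it edits that file in place.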
They’re all just slim wrappers around the actual link.exe, not sharing a common DLL or the like, but actually invoking it: dumpbin.exe simply invokes “link /dump” and, failing that, “link.exe link /dump”; editbin.exe simply invokes “link /edit” and, failing that, “link.exe link … Continue reading
For a few versions I had issues running IDA Pro in Crossover with IDAPython enabled. Before the issues started, everything worked fine, e.g. in the IDA 6.x version range. Please note that the setup of IDA Pro also succeeded … Continue reading
The German federal police (BKA = Bundeskriminalamt, roughly the German equivalent of the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed the “Bundestrojaner” (literally: federal trojan) in 2008. This means that first … Continue reading
So the British Government Communications Headquarters (GCHQ) wants to recruit smart people. Well, there should be enough around. Although, by all indications, they seem to be looking for some 1337 h4x0rz rather than serious people. The original one (MD5: 1585DFECC90AE7549814DCE52CA4EDDA) filled … Continue reading
Today several people, independently of each other, pointed me to the story about the alleged discovery of the Bundestrojaner by the CCC. Regardless of whether it is what everyone assumes it to be, the screenshot excerpt shown at F-Secure made me … Continue reading
… or rather is being driven through the village: hackers. Evil, nasty hackers. Nobody pays attention to terminology any more (what is actually meant is crackers). Fortunately, the Cyber-Abwehrzentrum (what a term, eh?) in Bonn is coming now. The only bad thing is that … Continue reading
A new version of TortoiseCVS is available. Since I have largely parted ways with CVS, I only noticed it now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the … Continue reading
Lovely. Hex-Rays released version 6.1 of IDA just today. I already requested my download and I am downloading as I type this. See the changes here. // Oliver PS: sadly it’s the first version where I don’t get a Linux … Continue reading
Watch it over here.
There is a pretty interesting article over at winprogger.com about the problems connected with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (set through /integritycheck ever since VS2005) and ERROR_INVALID_IMAGE_HASH (aka Win32 error code 577). Now, I’ve been fighting with this problem for two full days and … Continue reading
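As an added example (my own code, not from the winprogger.com article or from the post above): a self-contained PE header parser that reports whether an image was linked with /integritycheck, i.e. whether IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (0x0080) is set in the optional header’s DllCharacteristics, and that clears the bit on a copy. The sample image is constructed inside the script; pass real binaries on the command line to inspect them. The offsets are those of the PE/COFF specification; the constructed header is only a test fixture, not a loadable image.

```python
import struct
import sys

# Bit in IMAGE_OPTIONAL_HEADER.DllCharacteristics set by link.exe /INTEGRITYCHECK.
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
# Win32 error 577 (0x241): what the loader reports when a forced-integrity image
# carries no signature, or one the code-integrity policy does not trust.
ERROR_INVALID_IMAGE_HASH = 577
# DllCharacteristics sits 70 bytes into the optional header in both PE32 and PE32+.
DLLCHARACTERISTICS_OFFSET = 70


def _dll_characteristics_offset(image):
    """File offset of DllCharacteristics; ValueError for anything that is not a PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    size_of_optional = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if size_of_optional < DLLCHARACTERISTICS_OFFSET + 2 or opt + size_of_optional > len(image):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    return opt + DLLCHARACTERISTICS_OFFSET


def dll_characteristics(image):
    """Raw DllCharacteristics word of the image."""
    return struct.unpack_from("<H", image, _dll_characteristics_offset(image))[0]


def force_integrity_set(image):
    """True if the image was linked with /INTEGRITYCHECK."""
    return bool(dll_characteristics(image) & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY)


def clear_force_integrity(image):
    """Return a copy with the flag cleared.

    DllCharacteristics is covered by the Authenticode hash, so an existing
    signature stops verifying and the PE checksum goes stale. This is a
    diagnostic aid for unsigned test builds, not a substitute for relinking
    without /INTEGRITYCHECK."""
    off = _dll_characteristics_offset(image)
    patched = bytearray(image)
    flags = struct.unpack_from("<H", patched, off)[0] & ~IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
    struct.pack_into("<H", patched, off, flags)
    return bytes(patched)


def build_minimal_pe(flags, pe32plus=True):
    """Constructed header-only PE (DOS header, PE signature, COFF header,
    optional header): enough to exercise the parser, not a loadable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, DLLCHARACTERISTICS_OFFSET, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python force_integrity.py some.exe other.dll ...
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            image = f.read()
        state = "set" if force_integrity_set(image) else "clear"
        print(f"{path}: DllCharacteristics=0x{dll_characteristics(image):04x}, FORCE_INTEGRITY {state}")
```

If the script says the flag is set on an unsigned test build, that is the cause of error 577; fix it at the linker (/INTEGRITYCHECK:NO) rather than by patching the header, since any signature you add later has to cover the final DllCharacteristics anyway.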
You write in the documentation of NtDeviceIoControlFile: “Deprecated. Builds descriptors for the supplied buffer(s) and passes the untyped data to the device driver associated with the file handle. NtDeviceIoControlFile is superseded by DeviceIoControl.” Could you please be a little more … Continue reading
Quite a while ago I reported a bug in TortoiseCVS 1.10.x (the Unicode versions) which more or less affects everyone who is using an alternative file manager. I, for one, use SpeedCommander and can highly recommend it, although for non-German … Continue reading
A team of two German researchers has devised a method to detect Conficker (in its known variants) through the RSA keys which the Conficker authors originally used against anyone attempting to fool Conficker into updating from an … Continue reading
My personal highlight is still the Bochs debugger, but I am sure I’ll take the chance and also look into the newly acquired kernel debugging features. Check out the highlights over here. // Oliver