
Showing results 1 to 13 of 13
Search: Posts Made By: 0x517A5D
Forum: General Forum 04-06-2006, 03:48 AM
Replies: 2
Views: 11,315
Posted By 0x517A5D
edata is a globally known location, presumably...

edata is a globally known location, presumably the start of the PE header of osloader.exe in the 32-bit code segment (if I've deciphered this correctly).

We take the address with &edata, cast it...
Forum: General Forum 04-06-2006, 03:28 AM
Replies: 2
Views: 10,686
Posted By 0x517A5D
No, 66 is a way to execute a 32-bit-mode...

No, 66 is a way to execute a 32-bit-mode instruction in a 16-bit-mode code segment.

(And the other way. In a 32-bit segment, it executes a 16-bit instruction.)

The DB OVERRIDE;PUSH puts a dword on...
Forum: General Forum 03-27-2006, 04:55 AM
Replies: 9
Views: 17,373
Posted By 0x517A5D
Erk. You should have asked me at the time, while...

Erk. You should have asked me at the time, while it was fresh in my mind.

Basically it's casting a string pointer into a code pointer, then invoking it.

...
Forum: Reverse Code Engineering 02-04-2006, 04:25 PM
Replies: 15
Views: 19,254
Posted By 0x517A5D
Yes, but an $ATTRIBUTE_LIST record lists all...

Yes, but an $ATTRIBUTE_LIST record lists all attributes except itself, even if those attributes happen to be located in the same filerecord. That's why, if one exists, you just walk it...
Forum: Reverse Code Engineering 02-03-2006, 11:22 PM
Replies: 15
Views: 19,254
Posted By 0x517A5D
Hello Raj and rwid! I once deliberately...

Hello Raj and rwid!

I once deliberately killed an NT4 install by fragmenting the MFT. I did this by repeatedly filling up the disk with garbage files, then randomly truncating some of them to...
Forum: Steganography + Cryptography 01-14-2006, 05:43 PM
Replies: 3
Views: 31,373
Posted By 0x517A5D
The simple answer is yes, absolutely vulnerable. ...

The simple answer is yes, absolutely vulnerable. XOR encryption with any repeats is kid-sister protection at most. The repetition of each subkey will be seen in the crypted document, even if the...
Forum: Reverse Code Engineering 01-01-2006, 05:16 PM
Replies: 1
Views: 6,573
Posted By 0x517A5D
Are you certain that this is code? It looks like...

Are you certain that this is code? It looks like very strange code to me.
It's nothing that a compiler would generate.

In addition, all of the "opcodes" are in the 0x20-0x5F range, except...
Forum: General Forum 08-01-2005, 01:59 PM
Replies: 9
Views: 17,373
Posted By 0x517A5D
Overwriting the program code is a bit tricky, as...

Overwriting the program code is a bit tricky, as you need to fiddle with memory protections. Search on VirtualProtect. Alternately you can use an EXE editor to change the flags of your...
Forum: General Forum 08-01-2005, 12:09 AM
Replies: 9
Views: 17,373
Posted By 0x517A5D
More details of what you're trying to...

More details of what you're trying to accomplish would be helpful.
What kind of crash do you want? Why is it important that it's C++?

You can always do something like this (C code but C++...
Forum: File Unpacking 07-20-2005, 11:08 PM
Replies: 13
Views: 24,752
Posted By 0x517A5D
Oh, I suppose I spent six or seven hours on it,...

Oh, I suppose I spent six or seven hours on it, spread over two and a half days.

517A5D out.
Forum: File Unpacking 07-19-2005, 09:06 PM
Replies: 13
Views: 24,752
Posted By 0x517A5D
I figured it must be commercial since there was a...

I figured it must be commercial since there was a lot of code that was never called. For example, there are several routines that deal with Thread Local Storage, which this program didn't...
Forum: File Unpacking 07-19-2005, 02:09 AM
Replies: 13
Views: 24,752
Posted By 0x517A5D
Darnit, I must have missed something. ...

Darnit, I must have missed something. Oh well, the program text is decrypted and the imports work. I don't intend to devote more time to it.

BTW, was this commercial protection or...
Forum: File Unpacking 07-18-2005, 10:37 PM
Replies: 13
Views: 24,752
Posted By 0x517A5D
So I unpacked it and all, but it doesn't do...

So I unpacked it and all, but it doesn't do anything!

It deletes itself if it detects a debugger, I guess, and merely exits immediately otherwise.

Is that what it's supposed to do?

The...