Archive for the 'Programming' Category

Facebook Puzzles Solution

Thursday, August 21st, 2008

I am back again after a long time. I have been busy with a lot of things, to be honest, but I will try to keep this blog as up to date as I can. So, to keep this short, lately I have been spending some time solving the puzzles found on Facebook here. I believe they […]

Simple PE Viewer (wxWidgets)

Thursday, January 3rd, 2008

Here’s a simple PE viewer I wrote using the wxWidgets framework. I converted this tool from my old console-based one. I will keep updating it when I get more time or if anyone finds it interesting.

Anti-Debugging Tricks

Friday, July 13th, 2007

Recently, I have been posting about anti-debugging tricks, but I thought I should add them to the ones already existing in OpenRCE’s anti-reversing section. Have fun, all!

Detecting Breakpoints From DR0 To DR3

Saturday, June 30th, 2007

Recently, I mentioned that one can detect a debugger’s presence through the DR7 debug register; now we’ll take a look at the DR0 to DR3 debug registers, which contain debug breakpoints.
This technique is one of the few ways to discover debug breakpoints, and it makes it possible to delete them without stopping the application […]

Hunting For Debuggers Through The DR7 Debug Register

Saturday, June 30th, 2007

You can also use the debug registers on x86 processors to determine whether a debugger is active. Debug register 7 (DR7) is the most important one for this trick. If there is no debugger in memory, DR7 will default to 400h. If there is a debugger, it will have a different value.

mov […]

Detecting Breakpoints By CRC

Saturday, June 30th, 2007

A different technique is to search for the presence of a breakpoint. It’s based on CRC calculation for the particular program and the checks that run during the course of the program. A program’s current CRC is found at the CRC label. The CRC label changes with alterations in the program, and is therefore adjusted […]

CMPXCHG8B And The LOCK Prefix

Saturday, June 30th, 2007

This trick uses the LOCK CMPXCHG8B instruction to make any debugger (SoftICE, OllyDBG, IDA, etc…) detect an error and stop.
The instruction CMPXCHG8B is used for 64-bit values. It compares a value in the EDX:EAX registers with the 64-bit value saved in the address determined by the pointer in the EAX register. If the values are […]

Anti-Debugging Tricks

Friday, June 29th, 2007

Recently I have been playing around with some anti-debugging tricks. Most of them have shown some effective results. I’ll post more news about them once I am finished.

Marble Problem

Thursday, June 7th, 2007

Recently I was given a problem to solve, which was a marble problem. A Marble Game is played with M marbles on a square board. The board is divided into NxN unit squares, and M of those unit squares contain holes. Marbles and holes are numbered from 1 to M. The goal of the Marble […]

Getting a pointer to kernel32.dll

Thursday, January 18th, 2007

Okay, here is a snippet of assembly code showing how to get a pointer to kernel32.dll. I’ll assume that you have some basic knowledge about the following topics:

Assembly Programming Language
Stack
Debugging

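mov eax, [esp]              ; eax = value on top of the stack
or eax, 00000FFFh           ; set the low 12 bits...
xor eax, 00000FFFh          ; ...then clear them: eax is now 4 KB page-aligned
@@Compare:
cmp word ptr [eax], 'ZM'    ; does this page start with the "MZ" signature?
je @@Kernel32Found
sub eax, 1000h              ; no: step back one page (1000h bytes)
jmp @@Compare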
[ … ]