Category Archives: Reversing
Broken love: letting my IDA maintenance period run out next year
With IDA 9.0 Hex-Rays says they are switching to a subscription-only model. Existing customers were already threatened with this before — roughly two or three years ago — and of course it is being sold with totally great benefits …
Two more useful flags for cl.exe
/Be appears to spit out a make file snippet that contains the recipe to reproduce a given run of cl.exe. It takes into account variables. Check it out: all: @cd D:\17.7.5\x64 @set INCLUDE= @set LIB= @set LIBPATH= @set CL=/nologo /utf-8 …
Undocumented MSVC
Some ongoing research. For obvious reasons I can only share results and tools, but not actual sample data.
IDA and Hex-Rays decompiler keyboard shortcut cheat sheet
Find it on GitHub: assarbad/some-latex/releases/tag/v1.0-ida-cheat-sheet LaTeX source can be found in the repository itself.
Reminder to self: IDA load all sections
Just a reminder to myself. Edit cfg/pe.cfg inside the IDA installation folder to configure the PE loader to load all sections: // Always load all sections of a PE file? // If no, sections like .reloc and .rsrc are skipped …
dumpbin.exe, editbin.exe, lib.exe …
They’re all just slim wrappers around the actual link.exe, not using a common DLL or the like, but actually invoking it: dumpbin.exe simply invokes “link /dump” and, failing that, “link.exe link /dump”; editbin.exe simply invokes “link /edit” and, failing that, “link.exe link …
Running IDA 7.x/8.x inside Crossover 21/22/24
For a few versions I had issues running IDA Pro in Crossover with IDAPython enabled. Prior to the starting issues, everything worked fine, e.g. in the IDA 6.x version range. Please note that the setup of IDA Pro also succeeded …
German federals looking for trojan author – still
The German federals (BKA = Bundeskriminalamt, roughly the German equivalent to the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed “Bundestrojaner” (literally: federal trojan) in 2008. This means that first …
Posted in C/C++, EN, IT Security, Reversing, Software, Thoughts
Tagged BKA, Bundestrojaner, germany
canyoucrackit.co.uk – yes we can ;)
So the British Government Communications Headquarters (GCHQ) wants to recruit smart people. Well, there should be enough around. Although they seem to look for some 1337 h4x0rz, not some serious people from all indicators. The original one (MD5: 1585DFECC90AE7549814DCE52CA4EDDA) filled …
Posted in C/C++, EN, Germans have no notion of sarcasm, Programming, Reversing, Software
Bundestrojaner found?
Today several people independently pointed me to the story about the alleged discovery of the Bundestrojaner by the CCC. Regardless of whether it really is what everyone assumes it to be, the screenshot excerpt shown at F-Secure made me …
Posted in DE, Reversing, Software
A new pig is in the village …
… or rather, is being chased through the village: hackers. Evil, nasty hackers. Nobody bothers with terminology any more (what is actually meant is crackers). Fortunately the Cyber-Abwehrzentrum (what a term, eh?) in Bonn is coming now. The only bad thing is that …
Posted in DE, Gedanken, Reversing
Two years later (update)
A new version of TortoiseCVS is available. Since I have largely parted with CVS, I just noticed now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the …
New IDA upgrade available (6.1)
Lovely. Hex-Rays released version 6.1 of IDA just today. I already requested my download and I am downloading as I type this. See the changes here. // Oliver PS: sadly it’s the first version where I don’t get a Linux …
F-Secure documentary about BRAIN
Watch it over here.
Posted in EN, IT Security, Reversing, Software
“The system cannot execute the specified program.”
There is a pretty interesting article over at winprogger.com about the problems connected with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (set through /integritycheck ever since VS2005) and ERROR_INVALID_IMAGE_HASH (aka Win32 error code 577). Now, I’ve been fighting with this problem for two full days and …
Posted in EN, IT Security, Programming, Reversing, Software
Tagged force integrity, integrity check, sigcheck, signtool
Dear technical writer (@Microsoft)
You write in the documentation of NtDeviceIoControlFile: Deprecated. Builds descriptors for the supplied buffer(s) and passes the untyped data to the device driver associated with the file handle. NtDeviceIoControlFile is superseded by DeviceIoControl. Could you please be a little more …
Posted in EN, Reversing
Annoyance in TortoiseCVS fixed
Quite a while ago I reported a bug in TortoiseCVS 1.10.x (the Unicode versions) which more or less affects everyone that is using an alternative file manager. I for one use SpeedCommander and can highly recommend it, although for non-German …
Conficker tools
A team of two German researchers has devised a method to detect Conficker (in its known variants) through the RSA keys which originally have been used by the Conficker authors against anyone attempting to fool Conficker into updating from an …
Posted in EN, IT Security, Programming, Reversing
Yippie! IDA 5.4 Pro released …
My personal highlight is still the Bochs debugger, but I am sure I’ll take the chance and also look into the newly acquired kernel debugging features. Check out the highlights over here. // Oliver