Category Archives: Reversing

Posts about reverse code engineering (aka RCE, reversing, RE, reverse engineering)

Broken love: letting my IDA maintenance period run out next year

With IDA 9.0 Hex-Rays says they are switching to a subscription only model. This was already threatened to existing customers before — roughly two or three years ago — and of course it is being sold with totally great benefits … Continue reading

Posted in EN, Reversing, Software | Tagged , | Leave a comment

Two more useful flags for cl.exe

/Be appears to spit out a make file snippet that contains the recipe to reproduce a given run of cl.exe. It takes into account variables. Check it out: all: @cd D:\17.7.5\x64 @set INCLUDE= @set LIB= @set LIBPATH= @set CL=/nologo /utf-8 … Continue reading

Posted in C/C++, Reversing, Software | Tagged | Leave a comment

Undocumented MSVC

Some ongoing research. For obvious reasons I can only share results and tools, but not actual sample data.

Posted in EN, Reversing, Software | Tagged , , , | Leave a comment

IDA and Hex-Rays decompiler keyboard shortcut cheat sheet

Find it on GitHub: assarbad/some-latex/releases/tag/v1.0-ida-cheat-sheet LaTeX source can be found in the repository itself.

Posted in EN, Reversing | Tagged , | Leave a comment

Reminder to self: IDA load all sections

Just a reminder to myself. Edit cfg/pe.cfg inside the IDA installation folder to configure the PE loader to load all sections: // Always load all sections of a PE file? // If no, sections like .reloc and .rsrc are skipped … Continue reading

Posted in EN, Reversing, Software | Tagged | Leave a comment

dumbin.exe, editbin.exe, lib.exe …

They’re all just slim wrappers around the actual link.exe, not using a common DLL or so, but actually invoking: dumpbin.exe simply invokes “link /dump” and failing that “link.exe link /dump” editbin.exe simply invokes “link /edit” and failing that “link.exe link … Continue reading

Posted in EN, Programming, Reversing | Tagged , | Leave a comment

Running IDA 7.x/8.x inside Crossover 21/22/24

For a few versions I had issues running IDA Pro in Crossover with IDAPython enabled. Prior to the starting issues, everything worked fine, e.g. in the IDA 6.x version range. Please note that the setup of IDA Pro also succeeded … Continue reading

Posted in EN, Linux, Reversing, Software | Tagged , , , | Leave a comment

German federals looking for trojan author – still

The German federals (BKA = Bundeskriminalamt, roughly the German equivalent to the FBI in the US) are still looking for someone with the qualifications to write what had been dubbed “Bundestrojaner” (literally: federal trojan) in 2008. This means that first … Continue reading

Posted in C/C++, EN, IT Security, Reversing, Software, Thoughts | Tagged , , | Leave a comment

canyoucrackit.co.uk – yes we can ;)

So the British Government Communications Headquarters (GCHQ) wants to recruit smart people. Well, there should be enough around. Although they seem to look for some 1337 h4x0rz, not some serious people from all indicators. The original one (MD5: 1585DFECC90AE7549814DCE52CA4EDDA) filled … Continue reading

Posted in C/C++, EN, Germans have no notion of sarcasm, Programming, Reversing, Software | 1 Comment

Bundestrojaner gefunden?

Heute wurde ich, unabhängig voneinander, von mehreren Leuten auf die Geschichte mit dem angeblichen Fund des Bundestrojaners durch den CCC hingewiesen. Unabhängig davon, ob es sich um das handelt wovon alle Welt ausgeht, machte mich der bei F-Secure gezeigte Bildausschnitt … Continue reading

Posted in DE, Reversing, Software | 2 Comments

Eine neue Sau ist im Dorf …

… beziehungsweise wird durch’s Dorf getrieben: Hacker. Böse, fiese Hacker. Auf Begriffe muß man da nicht mehr achten (eigtl. sind Cracker gemeint). Glücklicherweise kommt ja jetzt das Cyber-Abwehrzentrum (was für ein Begriff, gell?) in Bonn. Das schlimme ist nur, daß … Continue reading

Posted in DE, Gedanken, Reversing | Leave a comment

Two years later (update)

A new version of TortoiseCVS is available. Since I have largely parted with CVS, I just noticed now. Well, the issue reported in 2008 and closed as fixed is still not fixed. The respective piece of code looks exactly the … Continue reading

Posted in C/C++, EN, Programming, Reversing, Software | Tagged , | Leave a comment

New IDA upgrade available (6.1)

Lovely. Hex-Rays released version 6.1 of IDA just today. I already requested my download and I am downloading as I type this. See the changes here. // Oliver PS: sadly it’s the first version where I don’t get a Linux … Continue reading

Posted in EN, Reversing, Software | Tagged | Leave a comment

F-Secure documentary about BRAIN

Watch it over here.

Posted in EN, IT Security, Reversing, Software | Leave a comment

“The system cannot execute the specified program.”

There is a pretty interesting article over at winprogger.com about the problems connected with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (set through /integritycheck ever since VS2005) and ERROR_INVALID_IMAGE_HASH (aka Win32 error code 577). Now, I’ve been fighting with this problem for two full days and … Continue reading

Posted in EN, IT Security, Programming, Reversing, Software | Tagged , , , | 4 Comments

Not a solution

A “solution” for the missing classic start menu in Windows 7 has been proposed to me by a friend. The license does not prohibit to look into it (only changing it is forbidden), so I loaded it quickly into IDA. … Continue reading

Posted in EN, Programming, Reversing, Software | Tagged , | Leave a comment

Dear technical writer (@Microsoft)

You write in the documentation of NtDeviceIoControlFile. Deprecated. Builds descriptors for the supplied buffer(s) and passes the untyped data to the device driver associated with the file handle. NtDeviceIoControlFile is superseded by DeviceIoControl. Could you please be a little more … Continue reading

Posted in EN, Reversing | Leave a comment

Annoyance in TortoiseCVS fixed

Quite a while ago I reported a bug in TortoiseCVS 1.10.x (the Unicode versions) which more or less affects everyone that is using an alternative file manager. I for one use SpeedCommander and can highly recommend it, although for non-German … Continue reading

Posted in /dev/null, Programming, Reversing | Tagged , | Leave a comment

Conficker tools

A team of two German researchers has devised a method to detect Conficker (in its known variants) through the RSA keys which originally have been used by the Conficker authors against anyone attempting to fool Conficker into updating from an … Continue reading

Posted in EN, IT Security, Programming, Reversing | Leave a comment

Yippie! IDA 5.4 Pro released …

My personal highlight is still the Bochs debugger, but I am sure I’ll take the chance and also look into the newly acquired kernel debugging features. Check out the highlights over here. // Oliver

Posted in EN, Reversing, Software | Tagged | Leave a comment