Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Friday, January 28 2022 @ 05:47 AM CET
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Search found 148 matches
www.reversing.be Forum Index
Author Message
  Topic: Code beyond the JMP TABLE
stingduk

Replies: 5
Views: 24477

PostForum: Coding Corner   Posted: Sat Jul 19, 2008 8:03 pm   Subject: Code beyond the JMP TABLE
you mean like this ksbunker


00401000 >PUSH ESP ; /pThreadId = 0012FFC4
00401001 PUSH 0 ; |CreationFlags = 0
004010 ...
  Topic: OPCODE CPUID, REPNE SCAS,
stingduk

Replies: 3
Views: 17617

PostForum: Coding Corner   Posted: Wed Dec 05, 2007 6:13 pm   Subject: OPCODE CPUID, REPNE SCAS,
cpuid is cpu id
its a serialising instruction that return details about your cpu
it takes arguments in eax and returns details in eax ,ebx,ecx and

for example with eax as 0 if you execute it w ...
  Topic: priority levels of running programs.
stingduk

Replies: 10
Views: 27329

PostForum: Code Reversing   Posted: Tue Nov 27, 2007 7:03 pm   Subject: priority levels of running programs.
How is it possible that you have known values of the parameters and I do not?

do you mean 7ffd6000 in pinfo = 7FFD6000

they are bogus values

turn on
options -> debuggging options --&g ...
  Topic: priority levels of running programs.
stingduk

Replies: 10
Views: 27329

PostForum: Code Reversing   Posted: Mon Nov 26, 2007 6:22 pm   Subject: priority levels of running programs.

the parameters are unknown to OllyDbg.


if it doesnt know it you can provide it externally

create a file named common.arg

inside it

type

STDFUNC ntdll.RtlCreateUserProcess <- ...
  Topic: priority levels of running programs.
stingduk

Replies: 10
Views: 27329

PostForum: Code Reversing   Posted: Mon Nov 26, 2007 5:54 pm   Subject: priority levels of running programs.
smss is a native executable and it runs in bootprocess also

native executable means an executable that runs when windows gui hasnt been initialised

for example the chkdsk program (your windows ...
  Topic: priority levels of running programs.
stingduk

Replies: 10
Views: 27329

PostForum: Code Reversing   Posted: Sun Nov 25, 2007 6:26 pm   Subject: priority levels of running programs.
never heard about ollydbg and its capabilities ? Smile

start --> run --> ollydbg -> view -> file ->smss.exe-> right click -> special -> peheader ->scroll down to Peheader.Im ...
  Topic: priority levels of running programs.
stingduk

Replies: 10
Views: 27329

PostForum: Code Reversing   Posted: Fri Nov 23, 2007 5:40 pm   Subject: priority levels of running programs.
smss (windows session manager service) is a native executable (IMAGE_SUBSYSTEM_NATIVE aka 0x01)

to load it in ollydbg you would have to modify the
subsystem flag to wither cui (console user inter ...
  Topic: Devoney's crackme
stingduk

Replies: 3
Views: 17086

PostForum: Code Reversing   Posted: Sun Nov 11, 2007 10:20 am   Subject: Devoney's crackme
The only design problem I know is that you must not change the name in length of the program itself.


ah then that could be the problem i didnt like a crack3.exe on my desktop so while downlaodin ...
  Topic: Devoney's crackme
stingduk

Replies: 3
Views: 17086

PostForum: Code Reversing   Posted: Sat Nov 03, 2007 7:03 pm   Subject: Devoney's crackme
well since you rated it 6/10 i thought ill give a look

but it seems it crashes Sad

are you selfmodifying the code ??

raw code looks like

00000405 E8 58020000 CALL 00000662
0000040A ...
  Topic: Stack problem
stingduk

Replies: 11
Views: 24692

PostForum: Coding Corner   Posted: Thu Nov 01, 2007 6:28 pm   Subject: Stack problem

How do professional software developers deal with this? Integrate a stack controling code segment to adjust the xx dynamicly in:
Code:
MOV EBX, DWORD PR SS:

professional programmers never ha ...
  Topic: About memory registers like EAX, AX, AH AL etc.
stingduk

Replies: 3
Views: 15584

PostForum: Coding Corner   Posted: Sat Oct 27, 2007 6:46 pm   Subject: About memory registers like EAX, AX, AH AL etc.
eax = ebx = ecx = edx 32 bit
ax = bx = cx = dx =16 bit
al = bl = cl =dl = 8bit

shl shifts bit they are bit wise operators

so shl 16 shifts 16 bits to left and shr 16 shifts 16 bits to right
  Topic: GlobalAlloc problem
stingduk

Replies: 2
Views: 13671

PostForum: Coding Corner   Posted: Sat Oct 27, 2007 6:42 pm   Subject: GlobalAlloc problem
use VirtualAlloc()

here is a simple c code that allocates memory the comments are masm syntax that you have to play with


#include <stdio.h>
#include <windows.h>


int main (vo ...
  Topic: Decompiler
stingduk

Replies: 5
Views: 21519

PostForum: Tools Garage   Posted: Tue Jun 19, 2007 9:22 am   Subject: Decompiler
there isnt one that works perfect

but there exists a few that are trying to get closer

as mentioned ida hexrays looks like ilfak is trying very hard

or you could check out boomerang
or chri ...
  Topic: bpx's "FlashMe"
stingduk

Replies: 3
Views: 18553

PostForum: Code Reversing   Posted: Tue Jun 19, 2007 9:20 am   Subject: bpx's "FlashMe"
well whats ollydbg there for ?

0013E4C4 3002E6BC RETURN to Flash9c.3002E6BC from Flash9c.3019D250
0013E4C8 0317E000 ASCII "rrrrrrrrrrrrrrrrrrrrrshit"
0013E4CC 00000001
0013E4D0 ...
  Topic: Adding Resource Section to a Console Based Executable
stingduk

Replies: 3
Views: 16380

PostForum: Coding Corner   Posted: Tue Jun 12, 2007 6:30 pm   Subject: Adding Resource Section to a Console Based Executable
i dont know if you are still following this or not

but i hate to put suggestions anywhere without actually trying it

so after i posted i juggled a little

and i see this is not really much ...
 
Page 1 of 10 Goto page 1, 2, 3, 4, 5, 6, 7, 8, 9, 10  Next
All times are GMT + 1 Hour
Jump to:  


Powered by phpBB © 2001, 2005 phpBB Group
 Copyright © 2022 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 1.16 seconds