BiW Reversing - The challenge is yours
 Welcome to BiW Reversing
 Wednesday, August 23 2017 @ 03:49 PM CEST

AsProtect - A reverse engineering approach


Tutorials

*** AsProtect - A reverse engineering approach ***

***** ***** by crUsAdEr ***** ****

This tutorial aims to discuss the internal workings of AsProtect, more than just unpacking it. So if you just want to unpack it and don't want to waste your time on reverse engineering, forget the second part of this tutorial!

TOOLS used :
IDA 4.15
Soft Ice on Win2k
LordPE
Revirgin (for unpacking only)
WinHex (for unpacking only)

Targets : ReGet Deluxe 3.0 beta (build 117) (but I think any program protected with the same version of AsProtect will do)
Included : asprotect dll



Manually Skinning Armadillo 2.61


Tutorials

*** Armadillo – MANUALLY skinning the mutant ***

***** ***** by crUsAdEr ***** ****

This tutorial aims to discuss the Armadillo 2.61 protection and how to MANUALLY remove the Armadillo protection layer! Hopefully this will demonstrate some manual unpacking techniques that have been forgotten as crackers get more and more dependent on tools.

TOOLS used :
IDA 4.15
Soft Ice on Win2k SP3
LordPE Deluxe

Targets : Get Right 5.0 beta 1

Prologue

Armadillo 2.61 was just released with a few new features that make it slightly more interesting to reverse. The fact that Armadillo debugs its own protected program makes it harder for us crackers to debug the target, but the good side is that the Armadillo code is not obfuscated or encrypted in any way, so we can disassemble the protection layer and study it in IDA.

i) All code snippets in this tutorial are taken from IDA disassembly; besides the IAT redirection part, code snippets in other parts of this tutorial can be found at the same address in IDA if you can obtain the same version of the “getright.exe” file.

ii) Throughout this essay, I used variable names like “d ebp+someName” to make it easier for readers to follow; when you are in sice, you have to type out the actual value, for example “d ebp+FFFFFAE0”.

iii) Armadillo protected programs start 2 processes; the protecting layer debugs the protected target, so I shall refer to the debugger as “server” and the debuggee as “client”.

iv) Also note that IAT redirection on Win9x is different from WinNT/2k/XP, so this essay only discusses IAT redirection on win2k, though you can find the redirection routine on win9x in a similar way!

(Finally, please READ those threads in Fravia board about Armadillo protection and also make SURE you have a solid understanding of PE format as it is essential to rebuild a working PE image!)



How to change Windows XP boot logo


Tutorials

Target: Windows XP Pro kernel file (can be also Home or Embedded version)
Tools used:

Resource Hacker 3.2.2 (for pictures changing, you can use any other resource editor)

Hiew 6.11 (for palette changing, you can use any hex editor)

IrfanView 3.85 (for palette replacing in pictures to look how do they look after that, you can use any other viewer or editor)

An image editor (for a new image editing)

Author: Wizard
Date: 29.10.2003
Level 2/10
Origin: An intellectual is someone whose mind watches itself, Mark Twain
Essay
Today's issue is dedicated to changing the startup logo of Windows XP. Well, I suppose anyone who has used Windows 2000 (NT 5) or Windows XP (NT 5.1) for a long time is probably fed up with the standard Windows logotype during the boot.
You may say, so what, there are lots of tools around the net which can change the logo like 1, 2, 3. Of course it is so, but those tools can teach you nothing. If you wanna learn something, then get your spade & let's start digging in.


Crc32 Reversing


Tutorials

Hello,

well today I'm gonna teach you *censored*ers an easy way of 'reversing' crc32. CRC stands for Cyclic Redundancy Check and 32 is the size of the result in bits; 32 bits = 1 dword = 4 bytes. Ok, enough of this crap. My method of finding out the values necessary for resulting in a given crc goes like this:



ExeCryptor 2.3.9 - Unpacking


Tutorials

Level : intermediate

This is a very short tutorial that brings just some small updates to the previous ones. The target is ExeCryptor 2.3.9 itself, which can be found on the official protector site. The tutorial shows unpacking, not cracking, the target. You will need OllyDbg (some script plugin, and some hide plugin), LordPE, ImpREC and Windows XP.


 Copyright © 2017 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.