From Collaborative RCE Knowledge Library

Jump to: navigation, search

Windows Internals Articles


Item name: Anti-Anti Dump and Nonintrusive Tracers
Rating: 0.0 (0 votes)
Author: deroko                        
Home URL: http://www.accessroot.com/
Last updated:
Version (if appl.):
Direct D/L link: http://185.62.190.110/accessroot/arteam/site/download.php?view.10
Description: "A novel method to manage new anti-dump buffer-based protections used by latest protectors as AsProtect SKE, Armadillo etc (sources included)"
Also listed in: Windows Anti Reversing Articles, Windows Unpacking Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Portable Executable File Format – A Reverse Engineer View
Rating: 0.0 (0 votes)
Author: Goppit                        
Home URL: N/A
Last updated: January 2006
Version (if appl.):
Direct D/L link: Locally archived copy
Description: This tutorial aims to collate information from a variety of sources and present it in a way which is accessible to beginners. Although detailed in parts, it is oriented towards reverse code engineering and superfluous information has been omitted.
Also listed in: (Not listed in any other category)
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Subverting Windows7 x64 kernel with DMA attacks
Rating: 0.0 (0 votes)
Author: Christophe Devine, Damien Aumaitre                        
Home URL: https://bob.cat/
Last updated: July 4, 2010
Version (if appl.):
Direct D/L link: http://conference.hitb.org/hitbsecconf2010ams/materials/D2T2%20-%20Devine%20&%20Aumaitre%20-%20Subverting%20Windows%207%20x64%20Kernel%20with%20DMA%20Attacks.pdf
Description: This presentation will focus on concrete examples of compromising the Windows 7 x64 operating system, in effect bypassing two major security mecanisms: code signing and integrity verification (PatchGuard).

First, we’ll explain the internal structures of the operating system, and how they differ from previous versions. Then we describe how to alter these structures in order to gain control over the execution flow. The implementation of this attack is then presented, using an embedded soft-core MIPS CPU implemented on an FPGA PCMCIA/CardBus card.

Finally, we will conclude on the importance of new protection features included in recent CPUs, in particular the IOMMU and TXT.
Also listed in: Windows Reversing Technique Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Using Memory Breakpoints with your Loaders
Rating: 0.0 (0 votes)
Author: Shub-Nigurrath                        
Home URL: http://www.accessroot.com
Last updated:
Version (if appl.):
Direct D/L link: http://www.accessroot.com/arteam/site/files/video/Using_Memory_Breakpoints_by_Shub-Nigurrath_preview.pdf
Description: "This tutorial will discuss how memory breakpoints work and how to use them for you own loaders. It's an ideal prosecution of the already published Beginner's Tutorial #8 [1], where I already covered hardware and software breakpoints quite extensively (at beginner's level of course)."
Also listed in: Windows Tool Articles, Windows Unpacking Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Writing a loader for an application packed with an unknown packer:
Rating: 0.0 (0 votes)
Author: Shub-Nigurrath                        
Home URL: http://www.accessroot.com
Last updated: September 2005
Version (if appl.):
Direct D/L link: http://www.accessroot.com/arteam/site/download.php?view.180
Description: "The question this tutorial tries to address is how to write a loader for an application which is packed with an unknown packer, what events to trace and how to proceed in order to faster get a working loader, able to patch the target."
Also listed in: Windows Unpacking Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: X86/Win32 Reverse Engineering Cheat Sheet
Rating: 0.0 (0 votes)
Author: Nick Harbour                        
Home URL: http://www.rnicrosoft.com
Last updated: 2009
Version (if appl.):
Direct D/L link: http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf
Description: This cheat sheet actually covers some PE vocabulary, X86 registers and common ASM instructions as well as a stack description or assembler directives.

Nice to print and pinpoint on your office wall.
Also listed in: (Not listed in any other category)
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)




RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Tools