Reverse Engineering the Service Control Manager (SCM)
Written by Doug   
Side Story
Adding Imports by Hand

This is a tutorial about the imports I wrote "by the way" while solving a harder problem. It focuses on 2 particular problems: building up all the imports information and adding imports (both by hand). It does NOT touch the problem of reconstructing a dumped imports section but, hopefully, I will release tutorials on the latter as I tackle more well-known packers. While elaborating this tutorial I worked on Win98 and WinXP, but everything should be a trivial translation for other OSes (excluding section 5, but this deals with the differences between Win2k and the rest of the OSes).

 





The SC Manager's exported API functions are located in ADVAPI32.DLL (declared in the winsvc.h header file in the Platform SDK). These functions will ALL end up calling RPCRT4.DLL’s NdrClientCall2. If you want to do a lot of tracing, the madness begins there.


Keywords: Reverse Code Engineering; Service Control Manager; SCM

Download (PDF): Reverse Engineering the Service Control Manager (SCM)