CodeBreakers-Journal - Portal for IT-Security & IT-Anti-Security - Guide on How to Play with Processes Memory,

Side Story
Asprotected Notepad

Along this paper, i'll try to show common methods used by the anti-crack ppl to prevent from dumping or debugging. The general method of this paper is to debug into looking for all anti-debug, get rid of it and then, only then, analyze to understand how to dump (and how to prepare for dumping, as well). As an example, i will refer to the demo version of Asprotect (we will protect some common files like Notepad or Regedit) but there is NOT information about any commercial target (don't waste your time asking me for that).

Latest Papers

Journals

CodeBreakers Journal

Assembly Programming Journal

Journal Issues

RECON2006 Conf. Proc.

Vol.3, No.1, 2006

RECON2005 Conf. Proc.

Vol.2, No.1, 2005

Vol.1, No.2, 2004

Vol.1, No.1, 2004

Statistics

Members: 1927
News: 293
Web Links: 1
Visitors: 4053363

Featured Conference Video

OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!

Home

Articles - White Hat Methods

Reverse Code Engineering

Guide on How to Play with Processes Memory,

Written by Shub Nigurrath

Side Story
Asprotected Notepad

This tutorial aim is to do a whole flight over loaders, memory patching and how to build them. Told this you might think that there’s nothing new in this, because there are several excellent tutorials (not that many anyway) already around, which already cover this argument, but the real final target of this tutorial is to teach how to write an “Oraculum”, and to write an Oraculum is impossible without first of all understanding all the things about loaders, processes and memory patching of applications. Download:

Guide on How to Play with Processes Memory,

Latest Papers

Popular Papers

Journals

Journal Issues

Statistics

Who's Online

Featured Conference Video