Reverse Engineering Microsoft Binaries
Written by Alexander Sotirov   
Side Story
Reverse Engineering and the DMCA

For years we of the reverse engineering community have fought to have the word cracker removed from what we do. In the old days, it was a correct word. Then the warez/serialz whores came out and took what they learned or stole and made outrageous claims in order to earn some kind of respect from people who elude me. The RCE community renamed them script kiddies for the fact that once they swiped someone in the RCE community's work, they just applied it to every software that had that certain protection. Warez and serialz were released and somehow the RCE community got blamed.

So, we changed the rules. No names of targets. No keygens or patches that show directly how to circumvent. No complete code listings showing where and how to circumvent. This was done specifically to stop the crackers from releasing masses of warez. Script kiddies only want the glory of seeing their name show up in search results when looking for warez or serialz. They have only the most basic of skills, just enough to know how to apply RCE work so they can steal.




One of the applications of reverse engineering in computer security is the analysis of operating systems and software for which no source code is available. Most commonly the target is Microsoft Windows, and the goal is to find new 0-day vulnerabilities or to understand the full impact of old bugs. Reverse engineering Microsoft software presents numerous challenges. Based on his experience with reversing all Microsoft patches from the last 6 months, the speaker will present a number of techniques for improving the accuracy of the disassembly output and automating the reverse engineering process. He will begin with an overview of the differences between analyzing Microsoft binaries and other forms of reverse engineering, such as disassembling malware. He will cover common MSVC compiler optimizations, function chunking, C++ vtables, COM objects, exception handling and more. In the second part of the presentation he will focus on the problems with loading symbols and improving the results of the IDA Pro autoanalysis. Finally, he will release the source code of an IDA plugin that improves symbol loading and fixes common disassembly problems. Most of the information presented is applicable to non-Microsoft applications as well, but the examples he provides focus on his experience with reversing Microsoft patches.

 

Download: http://www.secure-software-engineering.com/downloads/recon2006/recon2006_Sotirov_Reverse_Engineering_Microsoft_Binaries.pdf

Download: http://www.secure-software-engineering.com/downloads/recon2006/recon2006_Sotirov_Reverse_Engineering_Microsoft_Binaries.idb