Reversing : The Hacker's Guide to Reverse Engineering
Figure 5.5 Binary after splaying process. The new item is now the root node, and the rest of the tree is centered on it. From it ...
7C9215DA MOV EDI,EDI 7C9215DC PUSH EBP 7C9215DD MOV EBP,ESP 7C9215DF PUSH ESI 7C9215E0 MOV ESI,DWORD PTR [EBP+10] 7C9215E3 PUSH ...
and skips its header to get to the return value. As you would expect, this function returns the pointer to the found element’s ...
RtlDeleteElementGenericTable has three primary steps. First of all it uses the famous RtlLocateNodeGenericTable (ntdll.7C92147B) ...
struct NODE { NODE *ParentNode; NODE *RightChild; NODE *LeftChild; LIST_ENTRY LLEntry; ULONG Unknown; }; struct TABLE { NODE *To ...
void NTAPI RtlInitializeGenericTable( TABLE *pGenericTable, TABLE_COMPARE_ELEMENTS CompareElements, TABLE_ALLOCATE_ELEMENT Alloc ...
story, it is that reversing is always about meeting the low-level with the high-level. If you just keep tracing through registe ...
Most of this book describes how to reverse engineer programs in order to get an insight into their internal workings. This c ...
where this type of reverse engineering has been performed in order to achieve interoperability between the data formats of popul ...
Using Cryptex Before actually starting to reverse Cryptex, let’s play with it a little bit so you can learn how it works. In gen ...
Cryptex is quite straightforward to use, with only four supported commands. Files are encrypted using a user-supplied password, ...
into an archive file. Additionally, I would recommend trying out some long and repetitive password, to try and see if, God forbi ...
Unsurprisingly, Cryptex provides the following response: Cryptex 1.0 - Written by Eldad Eilam Listing all files in archive “Test ...
The first step you must take in order to get an overview of Cryptex and how it works is to obtain a list of its imported functio ...
99 CryptGetHashParam 8B CryptDestroyHash 8F CryptEncrypt 89 CryptDecrypt 85 CryptAcquireContextA MSVCR71.dll CA _c_exit FA _exit ...
The Windows Crypto API is a generic cryptographic library that provides support for installable cryptographic service providers ...
this time you have a real program to work with, so you can easily perform this reversing session from within a debugger. Before ...
00401205 JNZ SHORT cryptex.0040123C 00401207 PUSH EDI 00401208 MOV ECX,4 0040120D MOV EDI,cryptex.00405038 00401212 MOV ESI,cryp ...
quick check shows that 70597243 is the hexadecimal value for the characters CrYp, and 39586554 for the characters TeX9. Cryptex ...