Reversing : The Hacker's Guide to Reverse Engineering
In this sequence, the first value pushed into the stack is the starting address of the encrypted data and the second value pushe ...
Now, all that’s missing is the encrypted data and the token sequence. Here are the two arrays you’re dealing with here: DWORD dw ...
The return value from this function can be fed into the following code: char name[256]; char fsname[256]; DWORD complength; DWOR ...
You’re going to have to brute-force the calling function as well—it’s the only way to find this key. In this function, the encry ...
Congratulations! You’ve just cracked Defender! This is quite impressive, considering that Defender is quite a complex protection ...
previous, encrypted block, and then to XOR the result with the key. This algorithm is quite secure and should not be compared ...
To make it very difficult to determine which API the program is trying to call, APIs are searched using a checksum value computed ...
■■ Adding periodical checksum calculations from the main thread that verify the verification thread. If there’s a checksum misma ...
User-Input-Based Decryption Keys The two most important functions in Defender are simply inaccessible unless you have a valid se ...
very challenging and enjoyable. If you enjoyed the reversing sessions presented in this chapter, you might enjoy cracking some ...
PART IV Beyond Disassembly ...
This book has so far focused on just one reverse-engineering platform: native code written for IA-32 and compatible processo ...
ground rules of the .NET platform, as well as with the native language of the .NET platform: MSIL. I’ll go over some simple MSIL ...
Figure 12.1 The original source code and the decompiled version of a simple C# function. public static void Main(){ int x, y; fo ...
.NET Basics Unlike native machine code programs, .NET programs require a special environment in which they can be executed. Th ...
Figure 12.2 Relationship between the common language runtime, IL, and the various .NET programming languages. .NET Framework Com ...
.NET Programming Languages .NET is not tied to any specific language (other than IL), and compilers have been written to support ...
a reference to the actual data, much like the conventional notion of pointers. Values are typically allocated on the stack or in ...
The Evaluation Stack The evaluation stack is used for managing state information in .NET programs. It is used by IL code in a ...