Practical Reverse Engineering Practice
http://rioshen.logdown.com/posts/220416-practical-reverse-engineering-practice
https://bin.re/blog/practical-reverse-engineering-solutions-page-17/
https://link.springer.com/chapter/10.1007/978-981-19-0336-6_5
Reverse Engineering | SpringerLink
Version 1 – Based on RET
Version 2 – Based on JMP
Version 3 – Based on CALL
https://www.nikj.fr/walkthroughs/prr_ex1/
Practical Reverse Engineering - Ex 1 •
Tutorial - Setup Remote Kernel Debugging Oct 4, 2021 Setup Remote Kernel Debugging for Kernel Driver development ...
Tutorial - Unpack Self Injection Packer Apr 15, 2021 Malware authors try to hide themselves from antivirus and make analysis harder for analysts. One technique they use is called packing, which means making the code more obfuscated and unreadable. In this post, we'll look at one specific kind of unpacking technique that you can use to finally start the analysis of the real payload. This technique is called Self-Injection. ...
Reverse EIP function name breakpoint GetProcAddress
https://medium.com/@nebdar/malware-basics-manually-unpacking-5-malware-samples-with-x32-64dbg-pma-labs-4c9b540b5456
Malware Basics: Manually unpacking 5 malware samples with x32-64dbg (PMA labs) | by Chloe Security System | Medium
https://github.com/mikesiko/PracticalMalwareAnalysis-Labs
Finding OEP: We can use OllyDbg or x64dbg to find the original entry point (OEP), which is the first instruction of the program as it was before packing. To reach it, we need to find the tail jump, the instruction that transfers control from the unpacking stub to the OEP.
"_IMPORT_DESCRIPTOR_KERNEL32" "kernel32.dll" "ADVAPI32"
OllyDbg OllyDmp plugin
kernel32 advapi32 gdi32 user32 explorer
IApiTracingDataCollector Win32
https://monoinfinito.wordpress.com/series/exception-handling-in-c/
C++ exception handling internals
https://stackoverflow.com/questions/71540648/how-to-get-rtti-from-member-function-pointers
ABI reference c++ CXX ABI
https://github.com/itanium-cxx-abi/cxx-abi
https://itanium-cxx-abi.github.io/cxx-abi/abi.html
Application Binary Interface (ABI) for C++ programs
Acknowledgements
Chapter 1: Introduction
1.1 Definitions
1.2 Limits
1.3 Namespace and Header
1.4 Scope of This ABI
1.5 Base Documents
Chapter 2: Data Layout
2.1 General
2.2 POD Data Types
2.3 Member Pointers
2.4 Non-POD Class Types
2.5 Virtual Table Layout
2.6 Virtual Tables During Object Construction
2.7 Array Operator new Cookies
2.8 Initialization Guard Variables
2.9 Run-Time Type Information (RTTI)
Chapter 3: Code Emission and APIs
3.1 Functions
3.2 Virtual Calls
3.3 Construction and Destruction APIs
3.4 Demangler API
Chapter 4: Exception Handling
Chapter 5: Linkage and Object Files
5.1 External Names (a.k.a. Mangling)
5.2 Vague Linkage
5.3 Unwind Table Location
Appendix R: Revision History