
About the Author:

Dejan Lukan is a security researcher for InfoSec Institute and a penetration tester from Slovenia. He is very interested in finding new bugs in real-world software products through source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security-related problems and for learning about new hacking techniques. He knows a great deal about programming languages, as he can write in a couple of dozen of them. He is also passionate about antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. He also has his own blog available here: http://www.proteansec.com/.

Translating Virtual to Physical Address on Windows: Segmentation

Introduction

In this tutorial, we’ll go over the process of translating a virtual address to a physical address the way a processor does it. To begin, let’s present a short overview […]


Logging Keystrokes with MSDOS: Part 2

Before reading this article, please take a look at the first part of the article accessible here. Also note that there will be no more articles regarding hooking of […]


Logging Keystrokes with MSDOS: Part 1

Introduction

In the previous article, we saw how we can compile the source code to a 16-bit binary executable, create an ISO image with the executable stored in it and […]


The IA-32 Real Mode and Interrupts

Introduction

We all know that the IA-32 processors have two modes of operation: real mode and protected mode. But why would we want to talk about real mode? The first […]


MSDOS and the Interrupt Vector Table (IVT)

Introduction

Upon booting up MSDOS, we can observe the memory using the “mem /d /p” command, which will show us exactly which part of memory is used by the system, […]


Memory Models

Memory

We know about user mode and kernel mode, and how programs in user mode can only use the memory from 0x00000000 to 0x7FFFFFFF, while the system uses the memory from […]


Presenting Registers

Introduction

Let’s present all of the registers, as seen in OllyDbg:

Let’s explain this picture a little better. At the top of the picture, the general purpose registers are given. The […]


Introduction to Kernel Debugging

Introduction

Before trying to debug the kernel, we must first understand a few things. We must know what the Rings in computer security are. Let’s take a look at the […]


Reverse Engineering If Statements

Introduction

Summary: In this article, we’ll present a simple program that uses ‘if’ statements and then we’ll try to reverse engineer the compiled version of the program to figure out […]


Reversing Switch Statements

Introduction

In this article we’ll take a look at all the optimizations compilers use to turn high-level switch statements into their assembly representations.

Switch Statements

The first example that we’ll […]


Introduction to SoftICE

It’s often the case that we need to debug kernel code, like device drivers, system calls, interrupt routines, or some other kernel component. In this article we’ll talk […]


Cracking the Defender: The Deobfuscated Code

Introduction

So far we’ve taken a look at the obfuscation routine and how it deobfuscates the instructions in the loc_4033D1. At the beginning point, the overview navigator will look like […]


Reversing Loops

Introduction

Every program nowadays contains branch statements where the decision making happens and loops where we’re repeating some piece of code. Obviously, we could write a program that wouldn’t use […]


IDA Program Patching

Introduction

It’s not a rare occurrence that we want to load a binary executable in a debugger, change some bytes and then save the changed binary to the hard drive, […]


Cracking the Defender: Deobfuscation Routine

Introduction

In the previous tutorial we discussed a basic introduction to the Defender program. We’ve also looked at the sub_402EA8, which returns the base address of the ntdll.dll library in […]


Linear Sweep vs Recursive Disassembling Algorithm

Introduction

We know that there are two ways of disassembling a binary executable into its assembler instructions. The first technique is the linear sweep algorithm and the second is recursive disassembling. […]


Cracking the Defender: Basic Information and sub_402EA8 Function

Introduction

Defender is an advanced crackme that was written by Eldad Eilam for the purpose of reverse engineering practice. It contains several advanced protection mechanisms that a reverse engineer needs […]


Anti-Debugging: Detecting System Debugger

Introduction

In the previous tutorial, we’ve talked about techniques that harden the reverse engineering of the executable and then we looked at anti-debugging techniques. We’ve mentioned the IsDebuggerPresent function and […]


Anti-Debugging

Before we begin, we must mention that it’s impossible to completely prevent reversing. What is possible is that we can place as many obstacles on the way as we […]


IDA Pro Configuration Options

Configuration Files

We know that some of IDA’s settings are saved in the .idb database files, but these are not persisted as global IDA settings. Configuration files are […]