
Introduction We all know that the IA-32 processors have two modes of operation: real mode and protected mode. But why would we want to talk
Memory We know about user mode and kernel mode, and how programs in user-mode can only use the memory from 0x00000000 to 0x7FFFFFFF, while the
Introduction Before trying to debug the kernel, we must first understand a few things. We must know what the Rings in computer security are. Let’s
Introduction Summary: In this article, we’ll present a simple program that uses ‘if’ statements and then we’ll try to reverse engineer the compiled version of
Introduction In this article we’ll take a look at all the optimizations the compilers use to assemble the high-level switch statements into their assembly representations.
It’s often the case that we need to debug a kernel application, like device drivers, system calls, interrupt routines, or some other kernel application. In
Introduction So far we’ve taken a look at the obfuscation routine and how it deobfuscates the instructions in the loc_4033D1. At the beginning point, the
Introduction Every program nowadays contains branch statements where the decision making happens and loops where we’re repeating some piece of code. Obviously, we could write
Introduction It’s not a rare occurrence when we want to load a binary executable in a debugger, change some bytes and then save the changed
In the last installment, we examined the PEB Loader Data Structure. We take up the discussion here. Locate and Isolate the Embedded Decrypted Executable Once
Introduction In the last article, I discussed in quite some detail how exactly the dropper for Bundestrojaner worked. In my next article what I’d been
Introduction In this paper we are going to talk about the Anticloud Trojan, also known as the TrojanDropper:Win32/Bohu.A and B variant. This malware originated in China
Part Two in a multi-part series on holistic, multi-disciplinary analysis and reversing. You can read part one of this series here. The last post, “Mutex
(quick plug – to all current & future reverse engineers – check out our Reverse Engineering Training Course. We’d love to publish your work next!) Part