Sunday, June 17, 2007

forgers win32

hi
This tutorial attempts to get you started developing with the Win32 API
as quickly and clearly as possible. It is meant to be read as a whole,
so please read it from beginning to end before asking questions… most
of them will probably be answered. Each section builds on the sections
before it. I have also added some solutions to common errors in
Appendix A. If you ask me a question that is answered on this page,
you will look very silly.
link spanish:
link  italy:
link arabic:
LINK EN:
Posted by REM in 19:36:58 | Permalink | Comments (1) »

FUN SECTION

HI
I put a lot of things in the fun section… anything I think is fun… images… programs… links… anything I like :)
so this section doesn't have any problems
relax
we are :) rvrs eng. b10g
dont worry
Wink
Posted by REM in 19:15:57 | Permalink | No Comments »

WHAT ….

WHAT DO U THINK?
Posted by REM in 19:07:42 | Permalink | No Comments »

WHAT ….

 
WHAT DO U THINK?
Posted by REM in 19:03:52 | Permalink | No Comments »

Unpacking malicious software using IDA Pro extensions

hi
Unpacking malicious software using IDA Pro extensions
A paper by Dennis Elser
In almost all cases of today’s malicious software, executable packers or -crypters are
used in order to obfuscate code and data. In some cases unpackers and dumpers are
available. In very few cases they actually work on packed malware executables due
to modifications of internal structures such as the PE header.
link:
Posted by REM in 18:45:42 | Permalink | Comments (2)

Class And Interface To Names

hi
This small IDAPython script scans an idb file for class and interface UUIDs and creates the matching structure and its name. Unfortunately IDA doesn’t do this automatically, thus this little helper. It personally helped me a lot while reversing several malware samples using the COM interface, e.g. for browser or Outlook manipulation, BITS file transfer or dumping the protected storage. The script was tested with IDAPython v0.9.0 and Python 2.4. Make sure to copy interfaces.txt + classes.txt + ClassAndInterfaceToNames.py to IDADIR, e.g. C:\Program Files\IDA
link:
Posted by REM in 18:40:43 | Permalink | No Comments »

Superkill V1.0

hi
Superkill is a small tool to kill processes that are normally protected from being stopped at the application level.
After starting, Superkill extracts its driver from the RC_DATA resource area, installs it as a service and runs the
driver. Communication between the application-level code and the driver is handled through the DeviceIoControl() function. Full source code included.
link:
Posted by REM in 18:38:58 | Permalink | No Comments »

IDA API Help v 0.3

hi
IDAAPIHelp is a small IDAPython script that saves time when searching for API information while, e.g., analyzing malware with IDA Pro. It looks at the cursor position for a valid API call and, if one is found, tries to show you the matching API info from the provided help file.
link:
Posted by REM in 18:32:06 | Permalink | No Comments »

MUP EXECryptor 2.50 and olds ;)

hi
There isn't any comment :)
u know what that is ;)
This is a Flash video in Arabic.
link:
Posted by REM in 18:29:21 | Permalink | No Comments »

Manual unpacking and Auto-IAT fixing UPX and Aspack

hi
This Flash movie covers how to manually unpack and Auto-IAT fix UPX and Aspack packed binaries. It might be useful for people who are new to malware analysis and don’t have a clue how to unpack and repair a binary. The introduced technique works for many other easy executable packers like FSG too. For best viewing, use a resolution of 1024×768 or higher and select fullscreen (F11) in your browser.
link:
Posted by REM in 18:24:25 | Permalink | No Comments »