Comments for souriz's weblog

Comment on # bug in Process Explorer (a gift for malware) by Dima

Dima — Tue, 13 May 2008 15:05:57 +0000

Seems like it works on XP as well. I’ve written a simple python script for Immunity Debugger which utilizes the idea. Tested it on XP SP2 and all the results it was showing were pretty much correct. Nice observation. Here is the script.

#!/usr/bin/env python

__VERSION__ = ‘1.0′

import immlib
import array
import struct

def main():
imm=immlib.Debugger()
allthreads=imm.getAllThreads()

for thread in allthreads:
stackTop = thread.getStackTop()

possibleEntry = imm.readLong(stackTop-8)
if possibleEntry == 0:
possibleEntry = imm.readLong(stackTop-0xC)

imm.Log(“Thread %.08X | Stack top: %.08X | Entry point: %.08X” % (thread.getId(), stackTop, possibleEntry))

if __name__==”__main__”:
print “This module is for use within Immunity Debugger only”

Comment on Hello world! by kajros

kajros — Sat, 10 May 2008 20:34:59 +0000

Hi, Kris!

I’m application programmer, not hacker.
I has old mobile Sony Ericsson T630 with support mophun and j2me (midp 1.0, without file system support) sandboxes for games.
My “stupid” idea is launching NES games in this phone.
I found by googling two j2me-driven emulators vNes and Nescube, but are midp-2.0.
Porting j2me-emulator will be very slow by any way (imho), but
platform Mophun is obsolete, and has certificate problem.
My first steps:
-I had downloading Sony Ericsson Java ME SDK for CLDC
-I had downloading Mophun SDK
Immediate 6502-processor (for NES platform) emulating will be slow, I think so. Then transformation NES-API to Mophun-API it would seem better.
Mophun platform is based on C with API-extensions for game development, and faster than j2me byany way. Certificate process by mocert (net utility for signing code) has lapsed (support has discontinued). I has googled and found vst (vendor signing tool) utility, but documentation is absent (I don’t khow what args).
Can you give me bits of help?

With best regards

Comment on free IDA Pro training by Caleb Sakujja

Caleb Sakujja — Fri, 09 May 2008 15:38:05 +0000

What do you speaking about? How you could so to think?

2 Kris:
I with pleasure would arrive, at all to train the skills in reversing and programming, and is simple because i would like to communicate to such person.

Comment on # thinking in IDA Pro – how to obtain a copy by vettimails

vettimails — Thu, 08 May 2008 16:13:09 +0000

yahoo!! I am a big fan of your “Hacker Disassembling” and Shell code book. Can’t wait to get a copy of your new book….

Btw, when is it planned to come out???

Comment on free IDA Pro training by souriz

souriz — Wed, 07 May 2008 21:47:07 +0000

what makes you think so? I have had more women than you can imagine (including rock-stars and other bright persons), however, sex doesn’t excides me very much and turns me on, but RE and debugging does. the feeling of understanding that I have understood something gives me hi, it’s like an orgasm even better, much better. wow! stop! I just realized: I refer my PC as “he”, as well as debugger (soft-ice, syser, olly), but IDA is female name and I refer the dissasembler as “she”, so I have at least one woman who doesn’t cheat me. back to your question: no, never be and never will and I’m not curious to try.

Comment on free IDA Pro training by adam

adam — Wed, 07 May 2008 21:18:41 +0000

are you a homosexual? just curious.
-a

Comment on # thinking in IDA Pro – how to obtain a copy by souriz

souriz — Wed, 07 May 2008 12:19:19 +0000

thanks for your interest!
.NET will be describe quite complete, including interaction between managed and unmanaged code, buffer overflows technology, exploiting JIT compilers and more. C# will be the primary subject and the rest (like F# he-he) – the secondary.

I’m going to describe how to reverse BIOS-firmware and DVD firmware as well.

Comment on # thinking in IDA Pro – how to obtain a copy by Anton

Anton — Tue, 06 May 2008 21:32:25 +0000

Nice news, thanks!
Reversing technique for .NET programs written in C# needs. Especially new .NET 3.0 and above.

BTW — how to reverse dvd-burners’ firmwares?
I. e. http://tdb.rpc1.org — I don’t know how it wuz done ;))

Comment on # thinking in IDA Pro – how to obtain a copy by souriz

souriz — Tue, 06 May 2008 00:01:55 +0000

I’m going to describe IDA 5.2 (scripts, plug-ins with a lot of examples), x86, x86-64, .NET, JVM, processor modules for custom virtual machines, PE, ELF, crash/core dumps, firmware – just a few to say. the book will be rewritten from the scratch.
thanks for your interests!

Comment on # thinking in IDA Pro – how to obtain a copy by Ray

Ray — Mon, 05 May 2008 19:57:37 +0000

The new one it’s very good!
What version of IDA you’ll describe,may be the latest version,5.2?
Will you describe any technics of reversing .NET programs ?
May be in a new one will be something principled new?