| |
 |
| Posted by hannibal on Tuesday, December 08 @ 00:00:00 CST (695 reads) |
|
|
|
|
IDA和DumpBin等工具在检测Tls Callback函数时存在的一个问题,及解决方案 |
|
|
|
 |
|
IDA Pro plugin wizard的一个bug及修正方法
|
|  |
|
| Posted by hannibal on Wednesday, July 29 @ 15:32:17 CST (1133 reads) |
|
|
|
|
IDA Pro plugin wizard is great tools for writing IDA's plugin.
By using this tools, I find a little bug in it. the bug is that when your IDA's install path include a space.
for example:C:\Program Files\IDA(IDA's default install path)
IDA Pro plugin wizard will can't copy the .plw file to IDA's plugins folder. the reason of this bug is the tools use the command:
copy /y XXXXX.plw C:\Program Files\IDA\plugins
to copy the .plw file to IDA's plugins folder,if the IDA path include a space,this command will fail. I think I can fix this bug by changing a file. the file is \IDA_Plugin_Wizard_VS2005\Put Contents into AppWiz\IDA Pro Plugin\Scripts\1033\default.js No. 246 line is : idaBinDir = wizard.FindSymbol("BINPATH") + '\\plugins'; I chang it to : idaBinDir = '\"' + wizard.FindSymbol("BINPATH") + '\\plugins\"'; then save the file,the bug has be fixed.
看中文按下面的详细内容...
|
|
|
|
|
|
Reverse Engineering Code with IDA Pro第七章中文译稿
|
| |
|
| Posted by hannibal on Friday, January 16 @ 15:21:42 CST (2006 reads) |
|
|
|
|
声明
本文属于看雪学院《Reverse Engineering Code with IDA Pro》图书翻译项目(http://bbs.pediy.com/showthread.php?t=66430),本人负责翻译其中第七、八章。经与组织者商议,决定先行公开第七章译稿,作为本书的免费样章,以飨读者。在译稿中给出原文的原因是:在翻译过程中我们对原文进行了校对,发现了一些有问题的地方,在译稿中已经予以纠正。读者可以自行对照查阅。我们希望我们的中文译稿能比E文原版的质量更好一些☺
版权所有,谢绝转载。
内容提要:
从一个read()函数开始对协议进行分析
分析出协议数据包的格式
检查协议中是否隐藏有后门
使用IDA找出用于处理某种类型数据包的所有函数
|
|
|
|
|
|
Adobe Flash Player Code Execution Vulnerability(CVE-2007-0071)
|
| |
|
|
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution(MS08-026)
|
| |
|
| Posted by wushi on Friday, November 14 @ 16:21:36 CST (1771 reads) |
|
|
|
|
all content from : http://secunia.com/gfx/pdf/SA30143_BA.pdf ,thanks secunia.
A vulnerability in Microsoft Word when processing drawing objects in RTF files can be
exploited by malicious people to compromise a user's system.
|
|
|
|
|
|
Mozilla Foundation Security Advisory 2008-55
|
| |
|
| Posted by wushi on Friday, November 14 @ 00:00:00 CST (1538 reads) |
|
|
|
|
Title: Crash and remote code execution in nsFrameManager
Impact: Critical
Announced: November 12, 2008
Reporter: ling and wushi of team509 (via TippingPoint)
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.0.4
Firefox 2.0.0.18
Thunderbird 2.0.0.18
SeaMonkey 1.1.13 |
|
|
|
|
| Posted by wushi on Saturday, May 17 @ 21:58:47 CST (2558 reads) |
|
|
|
|
I think all of you know that a 7.8-magnitude earthquake hit China's
Sichuan province on Monday. Till now, it's already caused over 28,500
death (the final number might reach 50,000). More than 100,000 people
injured and at least 12,000 people still buried under collapsed
buildings, many of them are children.
|
|
|
|
|
|
漫谈TLS_CallBack:原理、编程、手工感染及检测
|
| |
|
| Posted by hannibal on Friday, February 29 @ 14:55:25 CST (3929 reads) |
|
|
|
|
利用TLS_CallBack(线程局部存储回调函数)玩弄调试器以及感染PE文件的方法已经不算是什么新技术了。但是出乎我意料的是:前些日子无聊,翻译了IDA作者Guilfanov博客上的《TLS callbacks》一文竟然拿到了6个5分,呵呵。要知道,我自认为比较有质量的《利用Lookaside表实现Exploit的2种方法》也只有拿到5个5分啊!这是怎么了?
那篇《TLS callbacks》讲的不是很细,检测方法也值得商榷(当然这和文章的写作动机有关)。最主要是为了不要辜负这6个5分,另外也由于TLS_CallBack中文资料相对少,我再写篇详细的,很基础,大虾们就不用看了☺ |
|
|
|
|
| Posted by hannibal on Saturday, January 26 @ 23:18:39 CST (3051 reads) |
|
|
|
|
"Front End Allocator"究竟是什么意思?
以及一些题外话。 |
|
|
|
|
| Posted by hannibal on Monday, December 10 @ 12:36:34 CST (3654 reads) |
|
|
|
|
|
IDA作者blog上的文章,中文版 |
|
|
|
| |
|
|
| Thursday, November 29 | | · | JavaScript中的堆风水 |
| Wednesday, November 14 | | · | 利用Lookaside表实现Exploit的2种方法 |
| Thursday, November 08 | | · | 风闻《逆向工程的奥秘》出版 |
| Sunday, October 21 | | · | QQ 2007正式版的一个问题 |
| Monday, September 17 | | · | Blackhat一些文章的读后感(2) |
| Tuesday, September 04 | | · | 逆向C++(中文版) |
| Tuesday, August 14 | | · | Blackhat一些文章的读后感(1) |
| Sunday, August 12 | | · | Yahoo! Messenger 的一个远程堆溢出问题 |
| Thursday, July 12 | | · | xref的注册机 |
| Wednesday, May 16 | | · | 网络流量的模式分类问题(1) |
| Tuesday, April 03 | | · | 逆向工程的奥秘-中文版-第11章 -断点保护 |
| · | Hannibal关于翻译《逆向工程的奥秘》一书的声明 |
| Tuesday, March 06 | | · | 逆向工程的奥秘-中文版-第5章 -超越文档 -下 |
| · | 逆向工程的奥秘-中文版-第5章 -超越文档 -上 |
| Monday, February 12 | | · | raid5磁盘数据恢复 |
| · | 逆向工程的奥秘-中文版-第10章 -分析文件格式 -上 |
| Thursday, February 08 | | · | 逆向工程的奥秘-中文版-第10章 -分析文件格式 -中 |
| Wednesday, January 31 | | · | MSN messenger 7.x (8.0?)VIDEO协议分析及一个remote heap overflow |
| Wednesday, January 17 | | · | 淘宝旺旺的一个远程栈溢出漏洞(非activex,呵呵) |
| Thursday, January 04 | | · | ollypython 0.12 public |
| · | decompile python 的问题(4) |
| Monday, December 18 | | · | Python的decompile问题(3) |
| Friday, December 15 | | · | Python的decompile问题(2) |
| Friday, December 08 | | · | Python的decompile问题(1) |
| Thursday, December 07 | | · | freegate 6.2的加密算法及安全性分析 |
| Thursday, November 30 | | · | 网易 POPO 20060928(及以前)的一个远程DoS问题 |
| · | 逆向工程的秘密-中文版-第6章 -分析文件格式 |
| Wednesday, November 29 | | · | Sina UC 2006的一个远程DoS问题 |
| Wednesday, November 15 | | · | 逆向工程的秘密-中文版-附录3 -解密程序数据 |
| Sunday, November 05 | | · | Media Player Classic 的一个漏洞 |
|
|
|
|
|
