Category Archives: Assembler / Reversing

Debugging the CrashMe program

CrashMe, from the WinDbg developers, may be a helpful application for those in the process of learning how to use a debugger or a disassembler. It simulates several crash situations that you will be able to easily reproduce and examine within these tools.

Debugging the MBR with IDA Pro and Bochs

Analyzing the MBR is sometimes required during a forensic process, if you suspect malicious activity that is not detected online. With static analysis, you may see whether an obvious corruption happened, but you will need to debug to learn more. Prerequisite: IDA Pro (6.0) with the IDA Python plug-in (1.4.3). Steps: Prepare [...]

EMET: configure memory protection on Windows

Microsoft published a nice tool named EMET (Enhanced Mitigation Experience Toolkit) whose purpose is to check and enforce memory security policies such as ASLR and DEP. It shows and allows you to configure the global settings, but also, and this is the most interesting part, indicates for each running process whether it supports those security [...]

Removing executable password protection

Nice demo there.