
NT8 dlls


laser1000it


I think that until some good soul teaches us how to educate NT8 dlls, this thread will be useless... it will just be one long request and nothing else... whoever actually knows how to clean the dlls does it only for a fee... let's not forget that in a few years a new release 9 will be ready (it could be called NT9 or NT10) and will have even stricter protections than the current ones... so I don't know if it's worth having this thread.

These are only my considerations, but I don't think I'm far from reality.


100 + DEOBFUSCATORS FOR C# OR .NET || VERY HQ

https://cracked.io/Thread-100-Deobfu...14#pid29530014

Agile
- AgileStringDecryptor - A dynamic agile string decryptor that relies on invoke.

ArchangelCloak
- ArchangeIUncloaker - Public ArchangelCloak Deobfuscator

Atomic
- Atomic-Deobfuscator - A deobfuscator for Atomic obfuscator

AutoIt
- DeobHellper - Yet Another AutoIt Deobfuscator

Autori Obfuscator
- NeonFuscatorDeobfuscator - .NET Deobfuscator for Autori Obfuscator (NeonFuscator)

Babel
- BabelDeobfuscator - BabelDeobfuscator is an open-source deobfuscator for BabelObfuscator
- DeBabelVM - DeBabelVM is a restorer for the Babel Obfuscator - This will restore 'msil encrypt' methods for Babel
- Babel-Deobfuscator - Babel-Deobfuscator is an open-source deobfuscator for Babel Obfuscator.

BoxedAppPacker
- BoxedAppUnpacked - Tool to unpack .net assemblies packed by BoxedAppPacker

BytePress
- BytePressDecompressor - Unpacks files compressed by BytePress (https://github.com/roachadam/bytepress)

Beebyte
- beeless - BeeByte Deobfuscator. Used it to deobfuscate a Unity3D Game. Alternatively, de4dot works as well.

Confuser 1.9
- ConfuserDeobfuscator - Deobfuscator for Confuser 1.9.0.0 release
- DeConfuser - This is a deobfuscator for protected confuser assemblies
- Confuser-Methods-Decryptor - Confuser-Methods-Decryptor

ConfuserEx
- NoFuserEx - Free deobfuscator for ConfuserEx.
- Netguard-Unpacker-Public - Public NetGuard Deobfuscator
- ClarifierEx - Deobfuscator for ConfuserEx
- Rzy-Protector-V2-Unpacker - An unpacker (deobfuscator) for the protector (obfuscator) Rzy Protector V2.
- ConfuserEx-Dynamic-Unpacker - A dynamic confuserex unpacker that relies on invoke for most things
- ConfuserEx-Unpacker-Mod-By-Bed - Edited copy of cawks confuserex unpacker, supports more than your average program
- ConfuserEx-Unpacker-2 - An Updated ConfuserEx Unpacker Based On Emulation to be more reliable
- Krawk-Unpacker - Krawk Unpacker
- EasyPredicateKiller - Replacing and Calling ConfuserEx x86 Predicates
- ConfuserExSwitchKiller - ConfuserExSwitchKiller
- ConfuserEx-Anti-Debug-Remover - ConfuserEx-Anti-Debug-Remover
- ConfuserEx-Static-String-Decryptor - A static String Decryptor Based Off Instruction Emulator
- ConfuserEx-Static-String-Decryptor - it will decrypt strings statically from a non-modded confuserex, with or without cflow, doesn't really matter
- ConfuserEx-Resources-Decryptor - This tool can decrypt encrypted resources from ConfuserEx and replace them
- ConfuserExResourceReplace - ConfuserExResourceReplace

Crypto Obfuscator
- Crypto-Deobfuscator - A Deobfuscator for Crypto Obfuscator

De4dot
- de4dot - .NET deobfuscator and unpacker.
- de4dot-cex - de4dot deobfuscator with full support for vanilla ConfuserEx

DotnetPatcher
- DNPDeobfuscator - Open-source deobfuscator for dotnetpatcher (https://bitbucket.org/3dotdev/dotnet-patcher/src/)
- Deobf-DotNetPathcer - a basic deobfuscator for the last version (at the moment) of dotnetpatcher (v4.5.9.0) https://bitbucket.org/3DotDev/dotnet-patcher

DotNetCompressor
- DotNetCompressorDecompressor - Decompresses files compressed with https://github.com/TotalTechGeek/DotNetCompressor

DotRefiner
- DotRefiner-Deobfuscator - Static DotRefiner Deobfuscator

DotWall
- DotWall-Deobfuscator - Deobfuscator for DotWall
- Dotwall-deobfuscator - A very simple deobfuscator for DotWall Obfuscator

Dumper
- ExtremeDumper - .NET Assembly Dumper
- Nemesis - A customizable process dumper.
- MegaDumper - Dump native and .NET assemblies
- KsDumper - Dumping processes using the power of kernel space!

Eazfuscator
- EazFixer - A deobfuscation tool for Eazfuscator.
- eazdevirt - Devirtualizer for Eazfuscator.NET

Fixer / Replacer / Simplifier / Remover
- AssemblyRebuilderOld - [Obsolete] Fixup .Net Assembly dumped, if it can't work.
- AssemblyFixer - Fix assembly pe header and metadata errors
- RzyFixer - A .NET Unpacker tool, with many features. Using dnlib assembly & cui for the design.
- CalliFixer - Here is a little program that removes calli protection from files, easy to use & easy to understand. Using the dnlib assembly.
- Base64Encoding-Fixer - Little tool that I made because I'm bored right now, fixes the string encryption protection (the one which encrypts strings to base64, made by forgothisname). Using dnlib assembly.
- DoubleParseFixer - Little program that I made to fix Double Parse obfuscation. Using dnlib assembly.
- SizeOf-Fixer - Fix the sizeof of assembly
- SuperCalculator - Helpful tool which handles most operations used in obfuscation
- Mathematical-Operation-Simplifier - Mathematical Operation Simplifier for .NET Applications
- SizeOf-Replacer - SizeOf Replacer for .NET Applications
- Junk-Remover - .NET attributes cleaner/Junk remover (nops).
- PointMutationRemover - Does exactly what the title says, removes Point Mutations. Only supported with 2D points at the moment.
- Universal-Math-Fixer - This calculator loads all methods from mscorlib.dll and checks equivalence with the method from the instruction
- SimpleMathCleaner - Simple Math Cleaner with invoke method for generic use
- AntiDecompiler-Cleaner - An exception occurred when decompiling this method
- AntiInvokeDetection - most string deobfuscators use Invoke to pick up the strings, however some obfuscators are using "GetCallingAssembly" to check if the method is being executed by another assembly
- Excess-Nop-Remover - Remove excess nop opcodes
- Universal-Proxy-Remover - A simple and universal .NET proxy remover

ILProtector
- ILProtectorUnpacker - ILProtector Unpacker Script
- ILUnpacker - A simple unpacker for ILProtector. Supported versions <= 2.0.21.4.
- ILUnpacker - Different approach on unpacking ILProtector (Latest)

KoiVM
- OldRod - An automated KoiVM devirtualisation utility

MemeVM
- MemeDevirtualizer - Devirtualizer for MemeVM (MindSystem)
- MemeVM-Devirt - A devirtualizer for MemeVM (CursedSheep)
- MemeVMDevirt - devirtualizer for memevm (MageLand29)

Noisette Obfuscator
- Noisette-Deobfuscator - A Deobfuscator for Noisette Obfuscator

Obfuscar
- DeObfuscar - An open source deobfuscator for 'Obfuscar'
- DeObfuscar-Static - Static Obfuscar Deobfuscator

OrangeHeap
- OrangeHeap-Deobfuscator - Deobfuscates an Assembly protected with Orangeheap

Patcher
- .NET-Virtualized-App-Patcher - This is a universal Patcher that I coded for Virtualized Applications. Protected by KoiVM/EazVM/AgileVM. The project idea wasn't mine at all, it was by xsilent and Tobito and they released a txt that contains the tracer; I asked them for some info and ended up coding my version.
- JIT-Freezer - This program is used to suspend applications with a native layer in order to dump them (Only .NET)
- Venturi77CallHijacker - KoiVM, EazVM, AgileVM Patcher.
- Harmony - A library for patching, replacing and decorating .NET and Mono methods during runtime
- JitUnpacker-Framework - A jit hook and unpacker framework

Panda
- Panda-Deobfuscator - Panda Deobfuscator

Phoenix Obfuscator
- PhoenixDeobfuscator - PhoenixDeobfuscator is an open-source deobfuscator for PhoenixObfuscator
- Phoenix-Protector-Strings-Decryptor - A strings decryptor for Phoenix Protector (Illuzion9999)
- Phoenix-String-Decryptor - A simple tool which decrypts strings protected with Phoenix Protector (Jomtek)

Protect.NET
- ProtectNotNet - Decrypts Protect.NET encrypted strings

String Decryptor
- StackYenoDeobfuscator - String decryptor relying on the stack. Made for teaching
- StringDecryptorBase - Complete basic string decryptor to help new reversers. The code is commented
- Deobfuscation-Tutorials - String Deobfuscation Tutorials by TheProxy

Skater.Net Obfuscator
- Skater.NetDeobfuscator - Deobfuscator for RustemSoft Skater.Net Obfuscator

SpecterObfuscator
- SpecterObfuscator-Deobfuscator - a deobfuscator for https://github.com/NepErwin/SpecterObfuscator

Not my list

 


https://cracked.io/Thread-Release-Ti...erse-enginners

Overview of the Code Analysis Process

1. Examine static properties of the Windows executable for initial assessment and triage.
2. Identify strings and API calls that highlight the program's suspicious or malicious capabilities.
3. Perform automated and manual behavioral analysis to gather additional details.
4. If relevant, supplement our understanding by using memory forensics techniques.
5. Use a disassembler for static analysis to examine code that references risky strings and API calls.
6. Use a debugger for dynamic analysis to examine how risky strings and API calls are used.
7. If appropriate, unpack the code and its artifacts.
8. As your understanding of the code increases, add comments, labels; rename functions, variables.
9. Progress to examine the code that references or depends upon the code you've already analyzed.
10. Repeat steps 5-9 above as necessary (the order may vary) until analysis objectives are met.

Common 32-Bit Registers and Uses

EAX     Addition, multiplication, function results
ECX     Counter; used by LOOP and others
EBP     Baseline/frame pointer for referencing function arguments (EBP+value) and local variables (EBP-value)
ESP     Points to the current "top" of the stack; changes via PUSH, POP, and others
EIP     Instruction pointer; points to the next instruction; shellcode gets it via call/pop
EFLAGS  Contains flags that store outcomes of computations (e.g., Zero and Carry flags)
FS      F segment register; FS[0] points to SEH chain, FS[0x30] points to the PEB.

Common x86 Assembly Instructions

mov EAX,0xB8     Put the value 0xB8 in EAX.
push EAX         Put EAX contents on the stack.
pop EAX          Remove contents from top of the stack and put them in EAX.
lea EAX,[EBP-4]  Put the address of variable EBP-4 in EAX.
call EAX         Call the function whose address resides in the EAX register
add esp,8        Increase ESP by 8 to shrink the stack by two 4-byte arguments.
sub esp,0x54     Shift ESP by 0x54 to make room on the stack for local variable(s).
xor EAX,EAX      Set EAX contents to zero.
test EAX,EAX     Check whether EAX contains zero, set the appropriate EFLAGS bits.
cmp EAX,0xB8     Compare EAX to 0xB8, set the appropriate EFLAGS bits.

Understanding 64-Bit Registers

EAX→RAX, ECX→RCX, EBX→RBX, ESP→RSP, EIP→RIP
Additional 64-bit registers are R8-R15.
RSP is often used to access stack arguments and local variables, instead of EBP.

R8 and its narrower aliases (each one is the low part of the wider register):

R8  (64 bits)  |================================================================|
R8D (32 bits)                                  |================================|
R8W (16 bits)                                                  |================|
R8B (8 bits)                                                           |========|

Passing Parameters to Functions

arg0  [EBP+8] on 32-bit, RCX on 64-bit
arg1  [EBP+0xC] on 32-bit, RDX on 64-bit
arg2  [EBP+0x10] on 32-bit, R8 on 64-bit
arg3  [EBP+14] on 32-bit, R9 on 64-bit

Decoding Conditional Jumps

JA / JG    Jump if above/jump if greater
JB / JL    Jump if below/jump if less
JE / JZ    Jump if equal; same as jump if zero.
JNE / JNZ  Jump if not equal; same as jump if not zero.
JGE / JNL  Jump if greater or equal; same as jump if not less.

Some Risky Windows API Calls

Code injection: CreateRemoteThread, OpenProcess, VirtualAllocEx, WriteProcessMemory, EnumProcesses
Dynamic DLL loading: LoadLibrary, GetProcAddress
Memory scraping: CreateToolhelp32Snapshot, OpenProcess, ReadProcessMemory, EnumProcesses
Data stealing: GetClipboardData, GetWindowText
Keylogging: GetAsyncKeyState, SetWindowsHookEx
Embedded resources: FindResource, LockResource
Unpacking/self-injection: VirtualAlloc, VirtualProtect
Query artifacts: CreateMutex, CreateFile, FindWindow, GetModuleHandle, RegOpenKeyEx
Execute a program: WinExec, ShellExecute, CreateProcess
Web interactions: InternetOpen, HttpOpenRequest, HttpSendRequest, InternetReadFile

Additional Code Analysis Tips

- Be patient but persistent; focus on small, manageable code areas and expand from there.
- Use dynamic code analysis (debugging) for code that's too difficult to understand statically.
- Look at jumps and calls to assess how the specimen flows from one "interesting" code block to the other.
- If code analysis is taking too long, consider whether behavioral or memory analysis will achieve the goals.
- When looking for API calls, know the official API names and the associated native APIs (Nt, Zw, Rtl).

 


Blog Tutorial Series

- The Modern Cracker's Handbook -

1. What is programming?

+ Basics of programming

++ Hello World in many languages

++ All languages use the same datatypes and core basics

+ Examples of programming

++ corporate/application

++ artwork

++ games

2. What is Reverse Code Engineering?

+ Definition and legality

+ Common tools and methods

+ The art of the Cracktro/Demoscene

++ 80s-90s

+ Common methods to combat RCE

3. Learning High Level Programming

+ It is essential to understand basic programming with high level languages.

+ Types of languages

++ Native

++ Interpreted/Scripting

++ Managed/DotNet

++ Esoteric

+ Choosing a first language

++ Shell

++ C-Likes

++ Avoid easily reversed

++ Easy to understand

++ Obscure

+ Lesson 1: MS Batch and Bash

+ Lesson 2: Autohotkey and AutoIt3

+ Lesson 3: C and Perl

+ Lesson 4: Java

+ Lesson 5: C# and VB.Net

+ Lesson 6: Python

4. Low Level Programming

+ RCE is done at the low level

+ What is Byte Code?

++ Assembly

++ Java Byte Code

++ Smali (Android)

+ Lesson 7: Basics of Assembly

5. Beginning RCE

+ Tools

++ OllyDbg

++ Disassemblers

++ Dumpers

++ Hex Editors

+ Lesson 8: Modding a game or program with a hex editor

+ Lesson 9a: Cracking a program with OllyDbg and a Hex Editor

+ Lesson 9b: Making a simple memory patcher using the solution from 9a

+ Lesson 10: Using a disassembler to analyze a program

+ Lesson 11: Hacking a simple game

+ Lesson 12: Dumping a program at run time

6. Non-Native RCE

+ This chapter is for DotNet, Java, Android, Python and other interpreted languages

+ Tools

++ FernFlower and JD (Java)

++ Unrpa (RenPy/Python)

++ DotNet Reflector (C#, VB.Net, F#)

++ AutoIt3 Decompiler

+ Lesson 14: Decompiling a RenPy game

+ Lesson 13: Decompiling a compiled AutoIt3 script

+ Lesson 15: Decompiling a DotNet Program

+ Lesson 16: Decompiling a Java Program

+ Lesson 17: Decompiling an Android App

+ Sometimes obscure or undocumented languages are used

+ Oftentimes they can still be decompiled.

+ Lesson 18: Identifying and Reversing an Unknown Language

++ Hot Soup Processor

7. Anti-RCE

+ RCE can not be stopped, but it can be hindered

+ Common methods

++ Exe Packers / Compressors

++ Encryptors

++ Containers

++ Dummy Routines

+ False hopes

++ While the above work well to stop the novice cracker, they only hinder

++ Decompressors / Unpackers

++ Decryptors

++ Memory Dumping (Lesson 12)

+ Lesson 19: Unpacking UPX and MPress

+ Themida - Best in protection if you can afford it

8. The Art of Cracking

+ Now that we have covered everything about the basics of RCE, let's put it together as an art

+ Chip-Tunes, the cracker's music

++ Lesson 20: Creating a Chip-Tune with OpenMPT

++ Lesson 21: Playing the chip-tune in our program with ufmod

+++ DotNet

+++ C/C++

+++ AutoIt3

+++ Assembly

+ The Crack's UI

++ Lesson 22: Making and Moving a Borderless Window in DotNet

++ Lesson 23: Steganography in embedded images as a trademark

+ While Borderless forms are cool, cracktros were the true art

++ Lesson 24: Making a Cracktro

9. Conclusion

+ There is still much to learn about RCE; what is covered in this book is merely the beginning, meant to inspire further learning and interest.

+ Challenges on blog.miyako.pro


These data types are universal; however, some languages will interpret them contextually.

 

Boolean

- Used for true/false statements

- Only has two possible values which may be represented as a number or word

+ 0 / FALSE

+ 1 / TRUE

 

Integer

- Only whole numbers, no decimals

- Sometimes called a short or dword

- 4 Bytes in length, 16-bit

- Two types:

+ Unsigned short: 0 to 65535 // 0xFFFF

+ Signed short: -32,767 to 32,767 // 0x7FFF

- Often declared as:

+ int x

+ integer x

+ short x

+ unsigned short x

+ signed short x

 

Long Integer

- Denoted by placing "long" before integer in place of short

- Also called a "double"

- Whole number greater than or equal to a standard integer

- Must be 32-bits or 8 bytes in length

- Range varies greatly per language

 

Floating Point (Float)

- Used to represent approximations of real numbers with precision

- Uses decimals and often scientific notation

 

Char[n]

- Char refers to characters, often used to represent ascii symbols and strings.

- A single char is 1 byte in length.

+ char a = 'a' // 'a' in this example translates to the byte 0x61

- When a numerical value is added to the char, it becomes a string with that many bytes.

+ char[10] = "abcdefghij" // this string is 10 bytes in length: 0x 61 62 63 64 65 66 67 68 69 6A

- Many high-level languages simply call char "string" and will automatically interpret the length


Operators

 

These are mathematical and logical operators that are fairly universal in programming.

 

Math / Arithmetic

+ Addition

- Subtraction

* Multiplication

/ Division

++ Increment

-- Decrement

 

Operators

!= Not Equals

== Equals

>= Greater than or equal to

<= Less than or equal to

> Greater than

< Less than

 

Logical Operators

|| OR

&& AND

! NOT

 

Bitwise Operators

<< SHIFT LEFT

>> SHIFT RIGHT

& AND

^ XOR

| OR


Assembly Language Programming For Reverse Engineering

https://rutracker.org/forum/viewtopic.php?t=6353419

 

https://kb.iu.edu/d/afdl

 

 

 

Decimal-hexadecimal-binary conversion table

Dec Hex Bin      | Dec Hex Bin      | Dec Hex Bin      | Dec Hex Bin
  0  0  00000000 |  64 40  01000000 | 128 80  10000000 | 192 c0  11000000
  1  1  00000001 |  65 41  01000001 | 129 81  10000001 | 193 c1  11000001
  2  2  00000010 |  66 42  01000010 | 130 82  10000010 | 194 c2  11000010
  3  3  00000011 |  67 43  01000011 | 131 83  10000011 | 195 c3  11000011
  4  4  00000100 |  68 44  01000100 | 132 84  10000100 | 196 c4  11000100
  5  5  00000101 |  69 45  01000101 | 133 85  10000101 | 197 c5  11000101
  6  6  00000110 |  70 46  01000110 | 134 86  10000110 | 198 c6  11000110
  7  7  00000111 |  71 47  01000111 | 135 87  10000111 | 199 c7  11000111
  8  8  00001000 |  72 48  01001000 | 136 88  10001000 | 200 c8  11001000
  9  9  00001001 |  73 49  01001001 | 137 89  10001001 | 201 c9  11001001
 10  a  00001010 |  74 4a  01001010 | 138 8a  10001010 | 202 ca  11001010
 11  b  00001011 |  75 4b  01001011 | 139 8b  10001011 | 203 cb  11001011
 12  c  00001100 |  76 4c  01001100 | 140 8c  10001100 | 204 cc  11001100
 13  d  00001101 |  77 4d  01001101 | 141 8d  10001101 | 205 cd  11001101
 14  e  00001110 |  78 4e  01001110 | 142 8e  10001110 | 206 ce  11001110
 15  f  00001111 |  79 4f  01001111 | 143 8f  10001111 | 207 cf  11001111
 16 10  00010000 |  80 50  01010000 | 144 90  10010000 | 208 d0  11010000
 17 11  00010001 |  81 51  01010001 | 145 91  10010001 | 209 d1  11010001
 18 12  00010010 |  82 52  01010010 | 146 92  10010010 | 210 d2  11010010
 19 13  00010011 |  83 53  01010011 | 147 93  10010011 | 211 d3  11010011
 20 14  00010100 |  84 54  01010100 | 148 94  10010100 | 212 d4  11010100
 21 15  00010101 |  85 55  01010101 | 149 95  10010101 | 213 d5  11010101
 22 16  00010110 |  86 56  01010110 | 150 96  10010110 | 214 d6  11010110
 23 17  00010111 |  87 57  01010111 | 151 97  10010111 | 215 d7  11010111
 24 18  00011000 |  88 58  01011000 | 152 98  10011000 | 216 d8  11011000
 25 19  00011001 |  89 59  01011001 | 153 99  10011001 | 217 d9  11011001
 26 1a  00011010 |  90 5a  01011010 | 154 9a  10011010 | 218 da  11011010
 27 1b  00011011 |  91 5b  01011011 | 155 9b  10011011 | 219 db  11011011
 28 1c  00011100 |  92 5c  01011100 | 156 9c  10011100 | 220 dc  11011100
 29 1d  00011101 |  93 5d  01011101 | 157 9d  10011101 | 221 dd  11011101
 30 1e  00011110 |  94 5e  01011110 | 158 9e  10011110 | 222 de  11011110
 31 1f  00011111 |  95 5f  01011111 | 159 9f  10011111 | 223 df  11011111
 32 20  00100000 |  96 60  01100000 | 160 a0  10100000 | 224 e0  11100000
 33 21  00100001 |  97 61  01100001 | 161 a1  10100001 |

[TD]225[/TD]

[TD]e1[/TD]

[TD]11100001[/TD]

[/TR]

[TR]

[TD]34[/TD]

[TD]22[/TD]

[TD]00100010[/TD]

[TD] [/TD]

[TD]98[/TD]

[TD]62[/TD]

[TD]01100010[/TD]

[TD] [/TD]

[TD]162[/TD]

[TD]a2[/TD]

[TD]10100010[/TD]

[TD] [/TD]

[TD]226[/TD]

[TD]e2[/TD]

[TD]11100010[/TD]

[/TR]

[TR]

[TD]35[/TD]

[TD]23[/TD]

[TD]00100011[/TD]

[TD] [/TD]

[TD]99[/TD]

[TD]63[/TD]

[TD]01100011[/TD]

[TD] [/TD]

[TD]163[/TD]

[TD]a3[/TD]

[TD]10100011[/TD]

[TD] [/TD]

[TD]227[/TD]

[TD]e3[/TD]

[TD]11100011[/TD]

[/TR]

[TR]

[TD]36[/TD]

[TD]24[/TD]

[TD]00100100[/TD]

[TD] [/TD]

[TD]100[/TD]

[TD]64[/TD]

[TD]01100100[/TD]

[TD] [/TD]

[TD]164[/TD]

[TD]a4[/TD]

[TD]10100100[/TD]

[TD] [/TD]

[TD]228[/TD]

[TD]e4[/TD]

[TD]11100100[/TD]

[/TR]

[TR]

[TD]37[/TD]

[TD]25[/TD]

[TD]00100101[/TD]

[TD] [/TD]

[TD]101[/TD]

[TD]65[/TD]

[TD]01100101[/TD]

[TD] [/TD]

[TD]165[/TD]

[TD]a5[/TD]

[TD]10100101[/TD]

[TD] [/TD]

[TD]229[/TD]

[TD]e5[/TD]

[TD]11100101[/TD]

[/TR]

[TR]

[TD]38[/TD]

[TD]26[/TD]

[TD]00100110[/TD]

[TD] [/TD]

[TD]102[/TD]

[TD]66[/TD]

[TD]01100110[/TD]

[TD] [/TD]

[TD]166[/TD]

[TD]a6[/TD]

[TD]10100110[/TD]

[TD] [/TD]

[TD]230[/TD]

[TD]e6[/TD]

[TD]11100110[/TD]

[/TR]

[TR]

[TD]39[/TD]

[TD]27[/TD]

[TD]00100111[/TD]

[TD] [/TD]

[TD]103[/TD]

[TD]67[/TD]

[TD]01100111[/TD]

[TD] [/TD]

[TD]167[/TD]

[TD]a7[/TD]

[TD]10100111[/TD]

[TD] [/TD]

[TD]231[/TD]

[TD]e7[/TD]

[TD]11100111[/TD]

[/TR]

[TR]

[TD]40[/TD]

[TD]28[/TD]

[TD]00101000[/TD]

[TD] [/TD]

[TD]104[/TD]

[TD]68[/TD]

[TD]01101000[/TD]

[TD] [/TD]

[TD]168[/TD]

[TD]a8[/TD]

[TD]10101000[/TD]

[TD] [/TD]

[TD]232[/TD]

[TD]e8[/TD]

[TD]11101000[/TD]

[/TR]

[TR]

[TD]41[/TD]

[TD]29[/TD]

[TD]00101001[/TD]

[TD] [/TD]

[TD]105[/TD]

[TD]69[/TD]

[TD]01101001[/TD]

[TD] [/TD]

[TD]169[/TD]

[TD]a9[/TD]

[TD]10101001[/TD]

[TD] [/TD]

[TD]233[/TD]

[TD]e9[/TD]

[TD]11101001[/TD]

[/TR]

[TR]

[TD]42[/TD]

[TD]2a[/TD]

[TD]00101010[/TD]

[TD] [/TD]

[TD]106[/TD]

[TD]6a[/TD]

[TD]01101010[/TD]

[TD] [/TD]

[TD]170[/TD]

[TD]aa[/TD]

[TD]10101010[/TD]

[TD] [/TD]

[TD]234[/TD]

[TD]ea[/TD]

[TD]11101010[/TD]

[/TR]

[TR]

[TD]43[/TD]

[TD]2b[/TD]

[TD]00101011[/TD]

[TD] [/TD]

[TD]107[/TD]

[TD]6b[/TD]

[TD]01101011[/TD]

[TD] [/TD]

[TD]171[/TD]

[TD]ab[/TD]

[TD]10101011[/TD]

[TD] [/TD]

[TD]235[/TD]

[TD]eb[/TD]

[TD]11101011[/TD]

[/TR]

[TR]

[TD]44[/TD]

[TD]2c[/TD]

[TD]00101100[/TD]

[TD] [/TD]

[TD]108[/TD]

[TD]6c[/TD]

[TD]01101100[/TD]

[TD] [/TD]

[TD]172[/TD]

[TD]ac[/TD]

[TD]10101100[/TD]

[TD] [/TD]

[TD]236[/TD]

[TD]ec[/TD]

[TD]11101100[/TD]

[/TR]

[TR]

[TD]45[/TD]

[TD]2d[/TD]

[TD]00101101[/TD]

[TD] [/TD]

[TD]109[/TD]

[TD]6d[/TD]

[TD]01101101[/TD]

[TD] [/TD]

[TD]173[/TD]

[TD]ad[/TD]

[TD]10101101[/TD]

[TD] [/TD]

[TD]237[/TD]

[TD]ed[/TD]

[TD]11101101[/TD]

[/TR]

[TR]

[TD]46[/TD]

[TD]2e[/TD]

[TD]00101110[/TD]

[TD] [/TD]

[TD]110[/TD]

[TD]6e[/TD]

[TD]01101110[/TD]

[TD] [/TD]

[TD]174[/TD]

[TD]ae[/TD]

[TD]10101110[/TD]

[TD] [/TD]

[TD]238[/TD]

[TD]ee[/TD]

[TD]11101110[/TD]

[/TR]

[TR]

[TD]47[/TD]

[TD]2f[/TD]

[TD]00101111[/TD]

[TD] [/TD]

[TD]111[/TD]

[TD]6f[/TD]

[TD]01101111[/TD]

[TD] [/TD]

[TD]175[/TD]

[TD]af[/TD]

[TD]10101111[/TD]

[TD] [/TD]

[TD]239[/TD]

[TD]ef[/TD]

[TD]11101111[/TD]

[/TR]

[TR]

[TD]48[/TD]

[TD]30[/TD]

[TD]00110000[/TD]

[TD] [/TD]

[TD]112[/TD]

[TD]70[/TD]

[TD]01110000[/TD]

[TD] [/TD]

[TD]176[/TD]

[TD]b0[/TD]

[TD]10110000[/TD]

[TD] [/TD]

[TD]240[/TD]

[TD]f0[/TD]

[TD]11110000[/TD]

[/TR]

[TR]

[TD]49[/TD]

[TD]31[/TD]

[TD]00110001[/TD]

[TD] [/TD]

[TD]113[/TD]

[TD]71[/TD]

[TD]01110001[/TD]

[TD] [/TD]

[TD]177[/TD]

[TD]b1[/TD]

[TD]10110001[/TD]

[TD] [/TD]

[TD]241[/TD]

[TD]f1[/TD]

[TD]11110001[/TD]

[/TR]

[TR]

[TD]50[/TD]

[TD]32[/TD]

[TD]00110010[/TD]

[TD] [/TD]

[TD]114[/TD]

[TD]72[/TD]

[TD]01110010[/TD]

[TD] [/TD]

[TD]178[/TD]

[TD]b2[/TD]

[TD]10110010[/TD]

[TD] [/TD]

[TD]242[/TD]

[TD]f2[/TD]

[TD]11110010[/TD]

[/TR]

[TR]

[TD]51[/TD]

[TD]33[/TD]

[TD]00110011[/TD]

[TD] [/TD]

[TD]115[/TD]

[TD]73[/TD]

[TD]01110011[/TD]

[TD] [/TD]

[TD]179[/TD]

[TD]b3[/TD]

[TD]10110011[/TD]

[TD] [/TD]

[TD]243[/TD]

[TD]f3[/TD]

[TD]11110011[/TD]

[/TR]

[TR]

[TD]52[/TD]

[TD]34[/TD]

[TD]00110100[/TD]

[TD] [/TD]

[TD]116[/TD]

[TD]74[/TD]

[TD]01110100[/TD]

[TD] [/TD]

[TD]180[/TD]

[TD]b4[/TD]

[TD]10110100[/TD]

[TD] [/TD]

[TD]244[/TD]

[TD]f4[/TD]

[TD]11110100[/TD]

[/TR]

[TR]

[TD]53[/TD]

[TD]35[/TD]

[TD]00110101[/TD]

[TD] [/TD]

[TD]117[/TD]

[TD]75[/TD]

[TD]01110101[/TD]

[TD] [/TD]

[TD]181[/TD]

[TD]b5[/TD]

[TD]10110101[/TD]

[TD] [/TD]

[TD]245[/TD]

[TD]f5[/TD]

[TD]11110101[/TD]

[/TR]

[TR]

[TD]54[/TD]

[TD]36[/TD]

[TD]00110110[/TD]

[TD] [/TD]

[TD]118[/TD]

[TD]76[/TD]

[TD]01110110[/TD]

[TD] [/TD]

[TD]182[/TD]

[TD]b6[/TD]

[TD]10110110[/TD]

[TD] [/TD]

[TD]246[/TD]

[TD]f6[/TD]

[TD]11110110[/TD]

[/TR]

[TR]

[TD]55[/TD]

[TD]37[/TD]

[TD]00110111[/TD]

[TD] [/TD]

[TD]119[/TD]

[TD]77[/TD]

[TD]01110111[/TD]

[TD] [/TD]

[TD]183[/TD]

[TD]b7[/TD]

[TD]10110111[/TD]

[TD] [/TD]

[TD]247[/TD]

[TD]f7[/TD]

[TD]11110111[/TD]

[/TR]

[TR]

[TD]56[/TD]

[TD]38[/TD]

[TD]00111000[/TD]

[TD] [/TD]

[TD]120[/TD]

[TD]78[/TD]

[TD]01111000[/TD]

[TD] [/TD]

[TD]184[/TD]

[TD]b8[/TD]

[TD]10111000[/TD]

[TD] [/TD]

[TD]248[/TD]

[TD]f8[/TD]

[TD]11111000[/TD]

[/TR]

[TR]

[TD]57[/TD]

[TD]39[/TD]

[TD]00111001[/TD]

[TD] [/TD]

[TD]121[/TD]

[TD]79[/TD]

[TD]01111001[/TD]

[TD] [/TD]

[TD]185[/TD]

[TD]b9[/TD]

[TD]10111001[/TD]

[TD] [/TD]

[TD]249[/TD]

[TD]f9[/TD]

[TD]11111001[/TD]

[/TR]

[TR]

[TD]58[/TD]

[TD]3a[/TD]

[TD]00111010[/TD]

[TD] [/TD]

[TD]122[/TD]

[TD]7a[/TD]

[TD]01111010[/TD]

[TD] [/TD]

[TD]186[/TD]

[TD]ba[/TD]

[TD]10111010[/TD]

[TD] [/TD]

[TD]250[/TD]

[TD]fa[/TD]

[TD]11111010[/TD]

[/TR]

[TR]

[TD]59[/TD]

[TD]3b[/TD]

[TD]00111011[/TD]

[TD] [/TD]

[TD]123[/TD]

[TD]7b[/TD]

[TD]01111011[/TD]

[TD] [/TD]

[TD]187[/TD]

[TD]bb[/TD]

[TD]10111011[/TD]

[TD] [/TD]

[TD]251[/TD]

[TD]fb[/TD]

[TD]11111011[/TD]

[/TR]

[TR]

[TD]60[/TD]

[TD]3c[/TD]

[TD]00111100[/TD]

[TD] [/TD]

[TD]124[/TD]

[TD]7c[/TD]

[TD]01111100[/TD]

[TD] [/TD]

[TD]188[/TD]

[TD]bc[/TD]

[TD]10111100[/TD]

[TD] [/TD]

[TD]252[/TD]

[TD]fc[/TD]

[TD]11111100[/TD]

[/TR]

[TR]

[TD]61[/TD]

[TD]3d[/TD]

[TD]00111101[/TD]

[TD] [/TD]

[TD]125[/TD]

[TD]7d[/TD]

[TD]01111101[/TD]

[TD] [/TD]

[TD]189[/TD]

[TD]bd[/TD]

[TD]10111101[/TD]

[TD] [/TD]

[TD]253[/TD]

[TD]fd[/TD]

[TD]11111101[/TD]

[/TR]

[TR]

[TD]62[/TD]

[TD]3e[/TD]

[TD]00111110[/TD]

[TD] [/TD]

[TD]126[/TD]

[TD]7e[/TD]

[TD]01111110[/TD]

[TD] [/TD]

[TD]190[/TD]

[TD]be[/TD]

[TD]10111110[/TD]

[TD] [/TD]

[TD]254[/TD]

[TD]fe[/TD]

[TD]11111110[/TD]

[/TR]

[TR]

[TD]63[/TD]

[TD]3f[/TD]

[TD]00111111[/TD]

[TD] [/TD]

[TD]127[/TD]

[TD]7f[/TD]

[TD]01111111[/TD]

[TD] [/TD]

[TD]191[/TD]

[TD]bf[/TD]

[TD]10111111[/TD]

[TD] [/TD]

[TD]255[/TD]

[TD]ff[/TD]

[TD]11111111[/TD]

[/TR]

[/TABLE]

 

 

Convert hex to ASCII

https://onlinehextools.com/convert-hex-to-ascii

https://www.rapidtables.com/convert/number/hex-to-ascii.html

 

47Hex = "G"

Edited by Fral

Dear FRAL

This looks very impressive and it's way beyond my pay grade lol.

Are there any NT educated indicators that you can please share with us?

Thanks in advance

Traderbeauty-Jane

Still learning RE / deobfuscation / Assembly language (quite new to it myself).

Small daily steps to flatten the learning curve.

Looking for simple learning resources and documenting when possible here.

Be well!


[TABLE=border: 1, cellpadding: 0, cellspacing: 0]

[TR]

[TD]1 byte / one half WORD Partial Registers[/TD]

[TD]add al, ch[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://paste.c-net.org/ClothesJamming[/TD]

[/TR]

[TR]

[TD]2 bytes / 1 word partial registers[/TD]

[TD]add di, cx[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://paste.c-net.org/AndrewsBeery[/TD]

[/TR]

[TR]

[TD]4 bytes / 2 WORDS / 1 DWORD / full register[/TD]

[TD]add edi, ecx[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://paste.c-net.org/AntlersHelen[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://paste.c-net.org/SketchesTense[/TD]

[/TR]

[/TABLE]


8 - Addition using full registers.mp4

9 - Addition of partial registers.mp4

Assembly Language Programming For Reverse Engineering

https://rutracker.org/forum/viewtopic.php?t=6353419

Edited by Fral
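As an added example (not code from this thread or from the linked course), a small Python model of x86-64 register aliasing that shows what each of the three add forms in the table above actually modifies: an 8-bit or 16-bit destination only touches its own slice of the full register, while a 32-bit destination zero-extends into the upper half. The register subset and all values are constructed.

```python
# Added example: model of x86-64 general-purpose register aliasing (constructed subset).
MASK = {8: 0xFF, 16: 0xFFFF, 32: 0xFFFFFFFF, 64: 0xFFFFFFFFFFFFFFFF}

# alias name -> (full 64-bit register, bit offset, width in bits)
ALIASES = {
    "rax": ("rax", 0, 64), "eax": ("rax", 0, 32), "ax": ("rax", 0, 16),
    "al": ("rax", 0, 8), "ah": ("rax", 8, 8),
    "rcx": ("rcx", 0, 64), "ecx": ("rcx", 0, 32), "cx": ("rcx", 0, 16),
    "cl": ("rcx", 0, 8), "ch": ("rcx", 8, 8),
    "rdi": ("rdi", 0, 64), "edi": ("rdi", 0, 32), "di": ("rdi", 0, 16),
}

class Regs:
    def __init__(self):
        self.full = {"rax": 0, "rcx": 0, "rdi": 0}

    def get(self, name):
        base, off, width = ALIASES[name]
        return (self.full[base] >> off) & MASK[width]

    def set(self, name, value):
        base, off, width = ALIASES[name]
        value &= MASK[width]                      # truncate to the destination width
        if width == 32:
            # x86-64 rule: a 32-bit destination zero-extends into the upper 32 bits
            self.full[base] = value
        else:
            # 8-, 16- and 64-bit writes leave every other bit of the register untouched
            keep = self.full[base] & ~(MASK[width] << off)
            self.full[base] = keep | (value << off)

    def add(self, dst, src):
        """dst += src at dst's width; returns the carry flag (unsigned overflow)."""
        width = ALIASES[dst][2]
        total = self.get(dst) + self.get(src)
        self.set(dst, total)
        return total > MASK[width]

def demo():
    out, r = {}, Regs()
    r.set("rax", 0x1122334455667788); r.set("rcx", 0x9000)     # al = 0x88, ch = 0x90
    out["al_carry"] = r.add("al", "ch")          # 0x88 + 0x90 = 0x118 -> al = 0x18, CF = 1
    out["rax"] = r.get("rax")                    # only the low byte of rax changed
    r.set("rdi", 0x1234FFFF); r.set("rcx", 0x0001)             # di = 0xFFFF, cx = 1
    out["di_carry"] = r.add("di", "cx")          # wraps to di = 0; bits 16..63 are kept
    out["rdi_16"] = r.get("rdi")
    r.set("rdi", 0xAAAA0000FFFFFFFF); r.set("rcx", 0x2)        # edi = 0xFFFFFFFF, ecx = 2
    out["edi_carry"] = r.add("edi", "ecx")       # edi = 1 and the upper half of rdi is zeroed
    out["rdi_32"] = r.get("rdi")
    return out
```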

Sorry Fral, first of all many thanks for the amount of stuff you are posting .... also because from what I understand to deobfuscate the new dlls for NT8 we have to use a very expensive software and since I'm not a useless seller I spend more money than add-on trading software for NT8 ..... at the new many still thanks

What software? A commercial one or a custom-made one?



?

[TABLE=border: 1, cellpadding: 0, cellspacing: 0]

[TR]

[TD]IDA PRO 8.2[/TD]

[TD] [/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://paste.c-net.org/TrenchesImbecile[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://www.torproject.org/download/[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]http://fckilfkscwusoopguhi7i6yg3l6tknaz7lrumvlhg5mvtxzxbb xlimid.onion/[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://rutracker-org.translate.goog...en&_x_tr_hl=en[/TD]

[/TR]

[TR]

[TD] [/TD]

[TD]https://duckduckgo.com/?hps=1&q=site...ida+pro&ia=web[/TD]

[/TR]

[/TABLE]

 

Edited by Fral
