

Created: Monday, July 19 2010 17:01.22 CDT  
HiperDrop 0.0.1
Author: GynvaelColdwind # Views: 980

Hi :)

I've published a tool that I made a while ago and later forgot about. I came across it yesterday while looking through my directories.

Anyway, it's called HiperDrop, and it's a simple command-line process memory dumper for Windows.

Basically, it attaches to a process, reads its whole memory (unlike LordPE / OllyDump, this tool is designed to dump the entire address space of the process, not just an image), and saves it to disk.

I've written some more details on my tech blog :)

You can download the tool (it's open source) here:
http://gynvael.coldwind.pl/download.php?f=HiperDrop-0.0.1.zip

Take care :)
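The approach the post describes, as an added example that is not HiperDrop's own source: open the target, walk its address space with VirtualQueryEx, read each region with ReadProcessMemory and write the result to disk. The Win32 constants are the standard winnt.h values; the region-selection rules (skip non-committed, PAGE_GUARD and PAGE_NOACCESS regions, because reading them either fails or trips the guard page) are the practical part of a whole-memory dumper. The `HDMP` container format, the `SAMPLE_REGIONS` list and the `demo()` helper are constructed for this example only; the Win32 calls are made only on Windows, the selection and serialisation logic is plain Python.

```python
"""Whole-process memory dumper sketch (added example, not HiperDrop's code)."""
import ctypes
import struct
import sys

# Standard Win32 values from winnt.h / memoryapi.h.
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_FREE = 0x10000
PAGE_NOACCESS = 0x01
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_GUARD = 0x100
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400

MAGIC = b"HDMP"  # hypothetical container header for this example only


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # ctypes pads AllocationProtect to the SIZE_T boundary, matching the SDK layout.
    _fields_ = [("BaseAddress", ctypes.c_void_p),
                ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_ulong),
                ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_ulong),
                ("Protect", ctypes.c_ulong),
                ("Type", ctypes.c_ulong)]


def dumpable_regions(regions):
    """Pick the (base, size) pairs worth reading from [(base, size, state, protect), ...].

    Reserved/free regions have no pages; PAGE_GUARD pages raise
    STATUS_GUARD_PAGE_VIOLATION when touched; PAGE_NOACCESS makes
    ReadProcessMemory fail. The protection class lives in the low byte.
    """
    picked = []
    for base, size, state, protect in regions:
        if state != MEM_COMMIT or protect & PAGE_GUARD or (protect & 0xFF) == PAGE_NOACCESS:
            continue
        picked.append((base, size))
    return picked


def pack_dump(chunks):
    """Serialise [(base, bytes), ...] as MAGIC then (base:u64, len:u64, data) records."""
    out = [MAGIC]
    for base, data in chunks:
        out.append(struct.pack("<QQ", base, len(data)))
        out.append(data)
    return b"".join(out)


def parse_dump(blob):
    """Inverse of pack_dump; returns [(base, bytes), ...]."""
    if blob[:4] != MAGIC:
        raise ValueError("not a dump produced by pack_dump")
    pos, chunks = 4, []
    while pos < len(blob):
        base, n = struct.unpack_from("<QQ", blob, pos)
        pos += 16
        chunks.append((base, blob[pos:pos + n]))
        pos += n
    return chunks


def _kernel32():
    """Bind the Win32 calls the dumper needs (Windows only; 64-bit safe argtypes)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_int, ctypes.c_ulong]
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    k32.ReadProcessMemory.restype = ctypes.c_int
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    return k32


def enumerate_regions(k32, hproc):
    """Walk the whole user address space; VirtualQueryEx returns 0 past its end."""
    mbi, addr, regions = MEMORY_BASIC_INFORMATION(), 0, []
    while k32.VirtualQueryEx(hproc, ctypes.c_void_p(addr), ctypes.byref(mbi), ctypes.sizeof(mbi)):
        base = mbi.BaseAddress or 0
        regions.append((base, mbi.RegionSize, mbi.State, mbi.Protect))
        addr = base + mbi.RegionSize
    return regions


def read_region(k32, hproc, base, size):
    """Read one region; keep a partial read if the call fails midway."""
    buf, nread = ctypes.create_string_buffer(size), ctypes.c_size_t(0)
    k32.ReadProcessMemory(hproc, ctypes.c_void_p(base), buf, size, ctypes.byref(nread))
    return buf.raw[:nread.value] if nread.value else None


def dump_process(pid, path):
    """Dump every readable committed region of `pid` to `path`; returns the region count."""
    if sys.platform != "win32":
        raise RuntimeError("reading another process's memory here uses the Win32 API")
    k32 = _kernel32()
    hproc = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not hproc:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        chunks = []
        for base, size in dumpable_regions(enumerate_regions(k32, hproc)):
            data = read_region(k32, hproc, base, size)
            if data:
                chunks.append((base, data))
        with open(path, "wb") as f:
            f.write(pack_dump(chunks))
        return len(chunks)
    finally:
        k32.CloseHandle(hproc)


# Constructed sample of what VirtualQueryEx might report (base, size, state, protect).
SAMPLE_REGIONS = [
    (0x10000, 0x1000, MEM_COMMIT, PAGE_READWRITE),               # heap page: dumped
    (0x20000, 0x2000, MEM_RESERVE, PAGE_NOACCESS),               # reserved: skipped
    (0x30000, 0x1000, MEM_COMMIT, PAGE_READWRITE | PAGE_GUARD),  # stack guard: skipped
    (0x40000, 0x1000, MEM_COMMIT, PAGE_NOACCESS),                # no access: skipped
    (0x50000, 0x3000, MEM_COMMIT, PAGE_EXECUTE_READ),            # code: dumped
    (0x60000, 0x1000, MEM_FREE, PAGE_NOACCESS),                  # free: skipped
]


def demo():
    """Exercise the platform-independent parts on the constructed sample."""
    picked = dumpable_regions(SAMPLE_REGIONS)
    chunks = [(base, b"\xCC" * size) for base, size in picked]
    return len(picked), parse_dump(pack_dump(chunks)) == chunks


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print("regions written:", dump_process(int(sys.argv[1]), sys.argv[2]))
    else:
        print("demo:", demo())
```

On Windows, `python dumper.py <pid> out.hdmp` writes the dump; elsewhere it only runs the sample selection. Reading a region can still fail between VirtualQueryEx and ReadProcessMemory if the target frees or reprotects it, so a dumper that must not lose data should retry page by page rather than trust one region-sized read.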

Created: Tuesday, January 26 2010 19:26.05 CST Modified: Tuesday, January 26 2010 19:26.51 CST
The tale of Syndicate Wars Port
Author: GynvaelColdwind # Views: 2123

As promised, it's time to reveal the technical story behind the Syndicate Wars port. The story is divided into two parts: the first and the second attempt to port this game. Comments are welcome!

Read more... (be warned that the story is long :)


Created: Monday, January 25 2010 17:20.35 CST Modified: Monday, January 25 2010 17:28.55 CST
Syndicate Wars - a reverse-engineering tale
Author: GynvaelColdwind # Views: 2858

Syndicate Wars is a game published in 1996, created by Bullfrog. The game was written in C (Watcom) for the DOS4GW DOS extender, and of course it stopped working natively (i.e. without emulators like DOSBox) once modern operating systems such as GNU/Linux or the Windows NT series emerged.

A few years ago my friend Unavowed told me about a proposed project to create a port of Syndicate Wars for modern OSes like the two I mentioned above. The port was to be done by decompiling the original executable, locating all the functions from the standard C library, locating the DOS4GW and I/O (sound, keyboard, graphics, mouse, etc.) dependencies, replacing them with native libc calls and the libSDL/OpenAL libraries (sometimes through simple wrappers, other times by writing converters), and finally recompiling it all into native executables for the modern systems.

Yesterday we finished this project and published executables, not only for GNU/Linux and Windows, but also for Mac OS X :)

Project site (screens, downloads, even a video):
http://swars.vexillium.org/

As for the technical side of the project, I'll describe everything in the next post. It was the biggest reverse-engineering project I've taken part in, and I hope you'll find something interesting in the details too :)

Screenshots: GNU/Linux, Mac OS X 10.5, Windows Vista.

Created: Monday, January 11 2010 16:22.07 CST  
Exception detection on Windows and HITB ezine
Author: GynvaelColdwind # Views: 2073

The Hack In The Box ezine, which was published in the years 2000-2005 (37 issues in total), has been revived!
The newest issue contains 6 articles (including mine), 44 pages of text in total, as a PDF (link below). Imho it's worth taking a look; it's quite possible you'll find something interesting for yourself there :)

Article list:
- p. 03 - Exception Detection on Windows (by me)
- p. 07 - The Art of DLL Injection (by Christian Wojner, CERT.at)
- p. 09 - LDAP Injection. Attack and Defense Techniques (cover story, by Esteban Guillardoy, Facundo de Guzman, Hernan Abbamonte)
- p. 18 - Xprobe2-NG. Low Volume Remote Network Information Gathering Tool (by Fedor V. Yarochkin, Ofir Arkin (Insightix), Meder Kydyraliev (Google), Shih-Yao Dai, Yennun Huang (Vee Telecom) and Sy-Yen Kyo)
- p. 25 - Malware Obfuscation. Tricks and Traps (by Wayne Huang, Armorize Technologies)
- p. 39 - Reconstructing Dalvik Applications Using UNDX (by Marc Schönefeld)

Download: HITB-Ezine-Issue-001.pdf

Comments about my article are most welcome :)

Created: Tuesday, January 5 2010 13:33.31 CST  
DR6 may or may not be useful for bochs/VirtualPC detection
Author: GynvaelColdwind # Views: 1963

This post will be similar to the previous one, and will be about small but interesting details of the x86 architecture that might be (and sometimes are) easily overlooked by the creators of emulators and virtual machines. The hero of today's post is the DR6 debug register, or, to be more precise, its four least significant bits, B0 to B3 (the "breakpoint condition detected" flags). Please read the whole post before jumping to any conclusions :)

Read the full post...


Archived Entries for GynvaelColdwind
Subject # Views Created On
BSWAP + 66h prefix (bochs, QEMU detection) 2299     Tuesday, December 29 2009
A thought about drivers\etc\hosts file 1682     Friday, August 7 2009
Another file visualizations 2062     Wednesday, May 27 2009
CONFidence conference ESET crackme solution 2162     Tuesday, May 26 2009
Ent 0.0.3 and a post about entropy in RCE 1982     Sunday, March 8 2009
ExcpHook 0.0.5-rc2 released 2181     Tuesday, February 3 2009
Difference between exports in DLLs - Vista SP 1 vs Windows 7 Beta 1866     Tuesday, January 20 2009
LOOP vs. default Mac OS X assembler 1892     Sunday, December 7 2008
Freedom for everything - total annihilation of process memory 2136     Thursday, November 27 2008
Google Chrome Sandbox 2414     Thursday, September 4 2008
ExcpHook 0.0.4 released 3443     Tuesday, January 22 2008
Exception monitor 3645     Sunday, January 13 2008
Windows Vista environment variables 3504     Friday, August 3 2007
Looking for a job... 2786     Tuesday, December 12 2006
Hello World! 2440     Thursday, September 7 2006