About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Store
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Blogs
>>
RolfRolles
's Blog
Created: Friday, June 15 2007 00:33.36 CDT
Printer Friendly ...
ProcDump Thorough IDB
Author:
RolfRolles
# Views:
4477
After some deliberation, I have decided to release my
thorough IDB for ProcDump 1.62 final
, which is substantially more detailed than the original ASM source code itself. If you care to study it, you can learn a great deal about coding dynamic reversing tools and static reversing.
At the time I analyzed this, in late 2003, it was the largest binary that I'd attempted. My analysis style was somewhat immature and sporadic, and so you shouldn't try to emulate anything you see inside of it. (It took another six months after this to perfect my static technique.)
I hope that the ProcDump authors aren't upset about this; after all, ProcDump is nine years old and has since been succeeded by ImpRec, OllyDump, NTICEDUMP, etc. Greets to the ProcDump team, and thanks for their valuable contribution (which ultimately shaped the direction of dynamic tools for years to come).
Blog Comments
Sellmi
Posted: Friday, June 15 2007 03:22.56 CDT
This is a good example for the power of the hexrays decompiler
plugin for IDA...
http://pastebin.com/929445
dennis
Posted: Friday, June 15 2007 03:57.00 CDT
Sure, it's like running hexrays on an ms binary with
debug symbols applied (with the exception ms binaries
usually not being written in 100% asm code) ;-)
Orr
Posted: Friday, June 15 2007 04:28.25 CDT
Rolf - Hardcore :)
sp
Posted: Sunday, June 17 2007 10:11.02 CDT
Thanks for sharing, man.
Soul12
Posted: Thursday, June 21 2007 13:04.00 CDT
to much spare time :> gj
NeOXQuiCk
Posted: Wednesday, December 19 2007 20:28.42 CST
nice ... it took you some time to do it
Add New Comment
Comment:
There are
20,335
total registered users.
Recently Created Topics
Career: Threat Inte...
Jul/30
Career: Security Res...
Jul/30
Library Debugging Pr...
Jul/29
Pydbg attach Vs load?
Jul/29
IDA and MIPS (emulat...
Jul/27
UK Cyber Security ch...
Jul/26
System Service Descr...
Jul/26
LD_PRELOAD Question
Jul/23
Patching Application...
Jul/22
Contract: Research E...
Jul/19
Recent Forum Posts
Pydbg attach Vs load?
aMIr
LD_PRELOAD Question
monarch
LD_PRELOAD Question
justano...
LD_PRELOAD Question
monarch
Patching Application...
hughhan
Patching Application...
jduck
immunity debugger pl...
Malware...
paimei installation ...
wishi
IDA Pro customization
wishi
how to chnage an ins...
ConsoleFx
Recent Blog Entries
ResearchAviator
Jul/28
Installation procedure for ...
artemblagodarenko
Jul/27
Common function prototype
dennis
Jul/24
Dr. Gadget IDAPython plugin
trufae
Jul/23
radare2 0.5 released
AmrThabet
Jul/21
Pokas x86 Emulator for Gene...
More ...
Recent Blog Comments
omeg
on:
Jul/29
Windows 7 syscall list
renzosilv
on:
Jul/26
Windows 7 syscall list
renzosilv
on:
Jul/26
Windows 7 syscall list
Dreg
on:
Jul/21
HiperDrop 0.0.1
djnemo
on:
Jul/20
HiperDrop 0.0.1
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit
Printer Friendly ...
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}