OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Friday, June 15 2007 00:33.36 CDT

Printer Friendly ...

ProcDump Thorough IDB

Author: RolfRolles

# Views: 5478

After some deliberation, I have decided to release my thorough IDB for ProcDump 1.62 final, which is substantially more detailed than the original ASM source code itself.  If you care to study it, you can learn a great deal about coding dynamic reversing tools and static reversing.

At the time I analyzed this, in late 2003, it was the largest binary that I'd attempted.  My analysis style was somewhat immature and sporadic, and so you shouldn't try to emulate anything you see inside of it.  (It took another six months after this to perfect my static technique.)

I hope that the ProcDump authors aren't upset about this; after all, ProcDump is nine years old and has since been succeeded by ImpRec, OllyDump, NTICEDUMP, etc.  Greets to the ProcDump team, and thanks for their valuable contribution (which ultimately shaped the direction of dynamic tools for years to come).

Blog Comments

Sellmi	Posted: Friday, June 15 2007 03:22.56 CDT
This is a good example for the power of the hexrays decompiler plugin for IDA... http://pastebin.com/929445

dennis	Posted: Friday, June 15 2007 03:57.00 CDT
Sure, it's like running hexrays on an ms binary with debug symbols applied (with the exception ms binaries usually not being written in 100% asm code) ;-)

Orr	Posted: Friday, June 15 2007 04:28.25 CDT
Rolf - Hardcore :)

sp	Posted: Sunday, June 17 2007 10:11.02 CDT
Thanks for sharing, man.

Soul12	Posted: Thursday, June 21 2007 13:04.00 CDT
to much spare time :> gj

NeOXQuiCk	Posted: Wednesday, December 19 2007 20:28.42 CST
nice ... it took you some time to do it

Active in Last 5 Minutes
	phifli

There are 28,212 total registered users.

Recently Created Topics
Reverse Engineering ...	Jan/23
Career: DoD Agency I...	Jan/22
"Disappearing&q...	Jan/17
Career: Software Sec...	Jan/11
Where is the call st...	Jan/07
IDA Pro 6.1 Breakpoi...	Jan/01
How to create data s...	Dec/30
can i search all mod...	Dec/23
IDA symbol table exp...	Dec/20
An anti-attach trick	Dec/17

Recent Forum Posts
Reverse Engineering ...	NirIzr
"Disappearing&q...	NirIzr
Reverse Engineering ...	charlie
"Disappearing&q...	charlie
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
Looking for value in...	NirIzr

Recent Blog Entries
	Ludwig	Feb/04
chi on sale
	Ludwig	Feb/04
Monster In The Vicinity Of ...
	Ludwig	Feb/04
Supra footwear Online
	waleedassar	Jan/31
Yet Another Anti-Debug Trick
	RolfRolles	Jan/22
Finding Bugs in VMs with a ...
More ...

Recent Blog Comments
	waleedassar on:	Feb/01
Yet Another Anti-Debug Trick
	NirIzr on:	Jan/31
Yet Another Anti-Debug Trick
	jackchen on:	Jan/10
nike mercurial vapor iii
	waleedassar on:	Dec/27
A new Anti-Olly trick.
	PeterFerrie on:	Dec/27
A new Anti-Olly trick.
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit