OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Friday, June 15 2007 00:33.36 CDT

Printer Friendly ...

ProcDump Thorough IDB

Author: RolfRolles

# Views: 5827

After some deliberation, I have decided to release my thorough IDB for ProcDump 1.62 final, which is substantially more detailed than the original ASM source code itself.  If you care to study it, you can learn a great deal about coding dynamic reversing tools and static reversing.

At the time I analyzed this, in late 2003, it was the largest binary that I'd attempted.  My analysis style was somewhat immature and sporadic, and so you shouldn't try to emulate anything you see inside of it.  (It took another six months after this to perfect my static technique.)

I hope that the ProcDump authors aren't upset about this; after all, ProcDump is nine years old and has since been succeeded by ImpRec, OllyDump, NTICEDUMP, etc.  Greets to the ProcDump team, and thanks for their valuable contribution (which ultimately shaped the direction of dynamic tools for years to come).

Blog Comments

Sellmi	Posted: Friday, June 15 2007 03:22.56 CDT
This is a good example for the power of the hexrays decompiler plugin for IDA... http://pastebin.com/929445

dennis	Posted: Friday, June 15 2007 03:57.00 CDT
Sure, it's like running hexrays on an ms binary with debug symbols applied (with the exception ms binaries usually not being written in 100% asm code) ;-)

Orr	Posted: Friday, June 15 2007 04:28.25 CDT
Rolf - Hardcore :)

sp	Posted: Sunday, June 17 2007 10:11.02 CDT
Thanks for sharing, man.

Soul12	Posted: Thursday, June 21 2007 13:04.00 CDT
to much spare time :> gj

NeOXQuiCk	Posted: Wednesday, December 19 2007 20:28.42 CST
nice ... it took you some time to do it

There are 29,877 total registered users.

Recently Created Topics
Attach to program us...	May/13
IDA PRO how to make ...	May/12
FACT: OpenRCE is dead.	May/08
Int 3 anti debug?	May/05
help needed - Beginn...	May/03
Attaching IDA Pro to...	Apr/27
File type	Apr/21
Debugging iphone app...	Apr/15
Attaching	Apr/12
Displaying data and ...	Apr/11

Recent Forum Posts
Ollydbg 2.0 - Plugin...	openrce...
IDA PRO how to make ...	codeinject
FACT: OpenRCE is dead.	codeinject
IDA Resource Viewer ...	r2x64
FACT: OpenRCE is dead.	djnemo
FACT: OpenRCE is dead.	codeinject
FACT: OpenRCE is dead.	pedram
help needed - Beginn...	araujo
Attaching IDA Pro to...	codeinject
Int 3 anti debug?	codeinject

Recent Blog Entries
	sweetyss	May/18
Adam Wainwright continues t...
	lowpriority	Apr/13
OllyMigrate Plugin for Olly...
	everdox	Mar/08
2 anti-trace mechanisms spe...
	everdox	Mar/07
Advanced debugging techniques
	everdox	Mar/06
Branch tracing and LBR acce...
More ...

Recent Blog Comments
	clarisonic on:	Apr/03
New version of Ollydbg!
	clarisonic on:	Apr/03
New version of Ollydbg!
	trackerx90 on:	Mar/04
SuppressDebugMsg As Anti-De...
	coachfactory on:	Feb/25
Portable Executable Format ...
	coachfactory on:	Feb/25
A new Anti-Olly trick.
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit