http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Tue, 21 Feb 2012 10:00:44 -0600 https://www.openrce.org/blog/view/2016/Portable_Executable_Format_Posters_for_Sale_in_A1_format bw <email-suppressed@example.com> I've created <b>PE Format</b> poster in <b>A1 59,4 x 84,1 cm</b> format, including almost all of the structures from <b>PE/PE32+</b> format (with comments from WinNT.h header file), if you would like to buy a printed copy, please <a href="http://www.pelock.com/contact">contact me</a>.<br /> <br /> <a href="http://www.secnews.pl/2012/02/21/pe-format-poster-en/">http://www.secnews.pl/2012/02/21/pe-format-poster-en/</a><br /> <br /> <img src="http://www.secnews.pl/wp-content/uploads/2012/02/pe_poster_1.png" border=0 align=""> Fri, 04 Apr 2008 19:29:07 -0500 https://www.openrce.org/blog/view/1111/RCE_Directory bw <email-suppressed@example.com> Just a small project of mine - a link directory to RCE tools, blogs and everything else more or less related to <i>reverse engineering</i>:<br /> <br /> <a href="http://www.rcedir.com">http://www.rcedir.com</a><br /> <br /> Feel free to add your own links:<br /> <br /> <a href="http://www.rcedir.com/submit.php">http://www.rcedir.com/submit.php</a><br /> <br /> If you can't find proper category, just add your link to any available category and i will do the rest :)<br /> <br /> Thank you! Thu, 19 Apr 2007 14:56:13 -0500 https://www.openrce.org/blog/view/712/MultiExtractor_File_Ripper bw <email-suppressed@example.com> <a href="http://www.multiextractor.com">MultiExtractor</a> is a classic file ripper written by my friend Maciek, if you ever wanted to see what's hidden inside files at &quot;C:\Program Files&quot; this is the right tool (then you can go and complain to software developers about the size of their applications becouse of the hidden easter egg pictures :)<br /> <br /> Screenshots<br /> <a href="http://www.multiextractor.com/screenshots.html">http://www.multiextractor.com/screenshots.html</a> Sun, 15 Apr 2007 16:52:50 -0500 https://www.openrce.org/blog/view/693/VMware_detection_(anti-debugging_trick_against_TRW) bw <email-suppressed@example.com> Binaries + source code<br /> <a href="http://www.pelock.com/blog/2007/04/15/vmware-detection-anti-debugging-trick-against-trw/">http://www.pelock.com/blog/2007/04/15/vmware-detection-anti-debugging-trick-against-trw/</a><br /> <br /> Some of the anti-debugging tricks can be used to detect VMware, one of them is an old anti TRW (TRW was a popular debugger in 9x days) trick.<br /> <br /> This anti-debugging trick works fine on a real Windows 9x installations (95, 98, ME) but it raises an exception under VMware (while reading IDT entry).<br /> <code><br /> BOOL IsVMware9xTrw()<br /> {<br /> &nbsp;&nbsp;&nbsp;&nbsp;// detect NT/XP/Vista<br /> &nbsp;&nbsp;&nbsp;&nbsp;if ( (GetVersion() &amp; 0x80000000) == 0 )<br /> &nbsp;&nbsp;&nbsp;&nbsp;{<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return FALSE;<br /> &nbsp;&nbsp;&nbsp;&nbsp;}<br /> <br /> &nbsp;&nbsp;&nbsp;&nbsp;// detect VMWare (anti debugging trick against TRW)<br /> &nbsp;&nbsp;&nbsp;&nbsp;// VMware isn't detected with vm acceleration disabled<br /> &nbsp;&nbsp;&nbsp;&nbsp;__try<br /> &nbsp;&nbsp;&nbsp;&nbsp;{<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;__asm<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sub&nbsp;&nbsp;&nbsp;&nbsp;esp, 6<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sidt&nbsp;&nbsp; fword ptr [esp]<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pop&nbsp;&nbsp;&nbsp;&nbsp;ax<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;pop&nbsp;&nbsp;&nbsp;&nbsp;eax<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mov&nbsp;&nbsp;&nbsp;&nbsp;al, byte ptr [eax + 00Eh]<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<br /> &nbsp;&nbsp;&nbsp;&nbsp;}<br /> &nbsp;&nbsp;&nbsp;&nbsp;__except(EXCEPTION_EXECUTE_HANDLER)<br /> &nbsp;&nbsp;&nbsp;&nbsp;{<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return TRUE;<br /> &nbsp;&nbsp;&nbsp;&nbsp;}<br /> <br /> &nbsp;&nbsp;&nbsp;&nbsp;return FALSE;<br /> }<br /> </code>