http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Wed, 24 Sep 2014 15:37:26 -0500 https://www.openrce.org/blog/view/5103/IAT_Patcher_-_new_tool_for_easy_API_hooking hasherezade <email-suppressed@example.com> Wanna see how easy and fast API hooking can be?<br /> Please have a look and share your opinions:<br /> <a href="http://hasherezade.net/IAT_patcher/">IAT Patcher</a> Sat, 24 Aug 2013 16:12:12 -0500 https://www.openrce.org/blog/view/4695/Andromeda_(W32/Kryptik.AX!tr)_-_analysis_of_the_malware hasherezade <email-suppressed@example.com> The object of the analysis is a cryptor of MMS malware (called W32/Kryptik.AX!tr by Fortinet, aka Andromeda).<br /> The malware apeared few moths ago in Poland.It have various mutations, carying a various payload.<br /> In this document, I will explain the common elements and mechanisms used in the cryptor. <br /> Link:<br /> <a href="http://hasherezade.net/malware/andromeda">http://hasherezade.net/malware/andromeda</a> Tue, 09 Jul 2013 09:54:39 -0500 https://www.openrce.org/blog/view/4667/PE-bear_-_a_new_PE_files_reversing_tool hasherezade <email-suppressed@example.com> Hi! Today I would like to introduce my new project – PE-bear. In short words – it is a viewer/editor for PE32 and PE64 files. You may ask – why the hell another PE reversing tool? Well, I started developing it just for myself and for my friends, involved in malware analysis – due to the fact that existing tools were not matching all our needs. The tool grown, so now I decided to share it with the world, with the hope (but no warranty) that You also will find it useful.<br /> The latest version is 0.2.0 (beta)<br /> <br /> More details you can find here:<br /> <br /> <a href="http://hshrzd.wordpress.com/pe-bear/">PE-bear</a><br /> <br /> Special thanks goes to Sfires, for hosting the project and supporting the full development process.<br /> <br /> Features:<br /> - handles PE32 and PE64<br /> - views multiple files in parallel<br /> - recognizes known packers (by signatures)<br /> - fast disassembler – starting from any chosen RVA/File offset<br /> - visualization of sections layout<br /> - selective comparing of two chosen PE files<br /> - integration with explorer menu<br /> - and more…<br /> Thu, 19 Jul 2012 00:41:37 -0500 https://www.openrce.org/blog/view/2262/Keygen_for_CONfidence2012_ESET_CrackMe hasherezade <email-suppressed@example.com> Hi,<br /> last time I published a solution for ESET Crackme 2012. However, some people were interested how to keygen it. If you also are, be my guest: <a href="http://hshrzd.wordpress.com/2012/07/08/keygenning-esets-confidence-2012-crackme/">http://hshrzd.wordpress.com/2012/07/08/keygenning-esets-confidence-2012-crackme/</a> Sun, 03 Jun 2012 08:12:26 -0500 https://www.openrce.org/blog/view/2172/Solution_to_CONfidence2012_ESET_CrackMe hasherezade <email-suppressed@example.com> Hi, recently i placed on my blog a solution to the CONfidence2012 CrackMe. If anyone interested, You are welcome!<br /> <a href="http://hshrzd.wordpress.com/2012/05/29/solving-esets-confidence-2012-crackme/">http://hshrzd.wordpress.com/2012/05/29/solving-esets-confidence-2012-crackme/</a>