Activity Stream

  • evaluator
    June 6th, 2020, 22:24
    Are suspect opcodes for desktop CPUs?
    2 replies | 290 view(s)
  • Kayaker
    June 6th, 2020, 11:01
    What kind of info are you looking for? Most seem to be Googleable. I patched a few of those opcodes into Ghidra and not only did it recognize them,...
    2 replies | 290 view(s)
  • evaluator
    June 6th, 2020, 08:47
    So, as I am adding "new" Intel opcodes to the RosAsm assembler, I need some help in understanding; as the manual is now (325462-sdm-vol-1-2abcd-3abcd.pdf) in...
    2 replies | 290 view(s)
  • Kayaker
    June 6th, 2020, 01:24
    Kayaker replied to a thread ReverseMe in Off Topic
    And they say DOS is dead. Yep, that's a nice way to do it. I've been using this little bit of SMC as an excuse to try to learn to create an...
    14 replies | 1049 view(s)
  • blabberer
    June 4th, 2020, 09:44
    blabberer replied to a thread ReverseMe in Off Topic
    @kayaker if you want to run that code in Windows 10, download and install vDos to, say, f:\vdos, download GRDB by ladsoft and copy grdb.exe to...
    14 replies | 1049 view(s)
  • WaxfordSqueers
    June 3rd, 2020, 15:25
    WaxfordSqueers started a thread real DOS in Off Topic
    Had a bit of a laugh today. Reading up on ntvdm.exe which is the DOS emulator for Windows. I am running XP and I opened a CMD window to see if it...
    0 replies | 72 view(s)
  • evaluator
    June 3rd, 2020, 00:49
    evaluator replied to a thread ReverseMe in Off Topic
    Those are text-char range opcodes; I met the likes of them previously in shellcode analyses. However, in 32-bit, the code needs to find its own address, thus...
    14 replies | 1049 view(s)
  • WaxfordSqueers
    June 2nd, 2020, 15:28
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    Sorry...I posted a bad link above. My reference to the Eicar test file was on Wayback Machine and I supplied the address of the bad URL rather than...
    14 replies | 1049 view(s)
  • evaluator
    June 2nd, 2020, 09:54
    evaluator replied to a thread ReverseMe in Off Topic
    'Alternatively' you can make a "test.com" file from those "text" chars and it will execute in DOS mode.
    14 replies | 1049 view(s)
  • Kayaker
    June 1st, 2020, 18:20
    Kayaker replied to a thread ReverseMe in Off Topic
    I decided to try to emulate the self modifying code in the Eicar test file just for fun. The original bytes can't be used because of the requirement...
    14 replies | 1049 view(s)
  • WaxfordSqueers
    May 31st, 2020, 14:11
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    I saw no obvious start point so I presumed the first POP statement had AX initialized to 0. I started following the statements one by one, doing the...
    14 replies | 1049 view(s)
  • evaluator
    May 30th, 2020, 23:19
    evaluator replied to a thread ReverseMe in Off Topic
    Well, that explanation assumes the code is 16-bit, while I assumed 32-bit shellcode.
    14 replies | 1049 view(s)
  • WaxfordSqueers
    May 29th, 2020, 13:08
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    Click the Spoiler button on my last post. It reveals a couple of links explaining exactly what it is. The first link gives a step by step solution to...
    14 replies | 1049 view(s)
  • evaluator
    May 29th, 2020, 08:09
    evaluator replied to a thread ReverseMe in Off Topic
    I tried to 'imagine' the environment of this 'shellcode', but ESI & EDI are unknown. Well, we can think of EDI as being in the range of this code.. but nothings...
    14 replies | 1049 view(s)
  • Kayaker
    May 29th, 2020, 07:19
    Kayaker replied to a thread ReverseMe in Off Topic
    If you're protected you shouldn't be able to make a copy of that file (ctrl-c ctrl-v). Avast won't let me unless I do it in one of my 'excluded from...
    14 replies | 1049 view(s)
  • blabberer
    May 29th, 2020, 06:56
    blabberer replied to a thread ReverseMe in Off Topic
    The file itself tells what it is:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00000000  58 35 4F 21 50 25 40 41 50 5B 34 5C 50...
    14 replies | 1049 view(s)
  • Kayaker
    May 28th, 2020, 18:55
    Kayaker replied to a thread ReverseMe in Off Topic
    I've been looking at the Windows Antimalware Scan Interface (AMSI) lately, and its relation to exploits particularly with PowerShell. ...
    14 replies | 1049 view(s)
  • WaxfordSqueers
    May 28th, 2020, 14:43
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    I started working through it with the assumption that first statement POP AX was 0000. Got about 10 steps down then decided to check 'and ax,...
    14 replies | 1049 view(s)
  • Kayaker
    May 28th, 2020, 10:56
    Kayaker started a thread ReverseMe in Off Topic
    This is well-known code. Harmless. What is it?
    Disassembly of File: reverseme.com
    Code Offset = 00000000, Code Size = 00000044
    Data Offset =...
    14 replies | 1049 view(s)
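The decode the ReverseMe thread works through, as an added example rather than code posted by anyone in the thread: a minimal 16-bit emulator in C that lays the 68 bytes (0x44, matching the Code Size in the opening post) out the way DOS loads a .COM file, runs them, and shows both the string INT 21h prints and the two words that SUB [BX],SI rewrites into INT 21h / INT 20h. The first POP AX really does get 0, because DOS pushes a zero word before jumping to 0100h, which is the assumption WaxfordSqueers started from. Only the opcodes the file uses are implemented; the helper names (eicar_load, eicar_run, eicar_demo) and the struct layout are mine. The embedded bytes are the public EICAR string, the same ones as blabberer's hex dump, so a scanner that matches the string anywhere in a file may object to the source on disk, which is the same nuisance Kayaker mentions with Avast.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOAD_ADDR 0x100  /* DOS loads a .COM image at CS:0100h, right after the PSP */

/* The 68 bytes (0x44) of the public EICAR test string; constructed here, same bytes as the thread's dump. */
static const char EICAR[] =
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";

struct vm {
    uint8_t mem[0x10000];           /* one 64 KiB real-mode segment (CS=DS=SS for a .COM) */
    uint16_t ax, bx, dx, si, sp, ip;
    int sf, of;                     /* the only flags JGE consults */
    char out[64];                   /* what INT 21h / AH=09h would write to the console */
    size_t outlen;
    int steps;                      /* instructions executed, or -1 on an unknown opcode */
};

static uint16_t rd16(struct vm *v, uint16_t a) { return v->mem[a] | (v->mem[(uint16_t)(a + 1)] << 8); }
static void wr16(struct vm *v, uint16_t a, uint16_t x) { v->mem[a] = x & 0xff; v->mem[(uint16_t)(a + 1)] = x >> 8; }
static void push(struct vm *v, uint16_t x) { v->sp -= 2; wr16(v, v->sp, x); }
static uint16_t pop(struct vm *v) { uint16_t x = rd16(v, v->sp); v->sp += 2; return x; }
static uint8_t fetch8(struct vm *v) { return v->mem[v->ip++]; }
static uint16_t fetch16(struct vm *v) { uint16_t x = rd16(v, v->ip); v->ip += 2; return x; }

/* Lay the image out as DOS would: code at 0100h, SP = FFFEh with a zero word on top.
 * That zero (there so a RET lands on the INT 20h at PSP:0000) is what the first POP AX
 * picks up, which is why assuming AX = 0 at the start is correct. */
void eicar_load(struct vm *v)
{
    memset(v, 0, sizeof *v);
    memcpy(v->mem + LOAD_ADDR, EICAR, sizeof EICAR - 1);
    v->ip = LOAD_ADDR;
    v->sp = 0xFFFE;
    wr16(v, v->sp, 0);
}

/* Run until INT 20h. Only the opcodes the file uses are decoded; anything else returns -1
 * so a wrong assumption about the code fails loudly instead of silently. */
int eicar_run(struct vm *v)
{
    for (;;) {
        uint8_t op = fetch8(v);
        v->steps++;
        switch (op) {
        case 0x58: v->ax = pop(v); break;                /* POP AX */
        case 0x5B: v->bx = pop(v); break;                /* POP BX */
        case 0x5A: v->dx = pop(v); break;                /* POP DX */
        case 0x5E: v->si = pop(v); break;                /* POP SI */
        case 0x50: push(v, v->ax); break;                /* PUSH AX */
        case 0x35: v->ax ^= fetch16(v); break;           /* XOR AX,imm16 */
        case 0x25: v->ax &= fetch16(v); break;           /* AND AX,imm16 */
        case 0x34: v->ax ^= fetch8(v); break;            /* XOR AL,imm8 (AH untouched) */
        case 0x43: v->bx++; break;                       /* INC BX */
        case 0x29: {                                     /* SUB r/m16,r16 */
            uint8_t modrm = fetch8(v);
            if (modrm != 0x37) return -1;                /* only the [BX],SI form is needed */
            uint16_t a = rd16(v, v->bx), r = (uint16_t)(a - v->si);
            wr16(v, v->bx, r);                           /* the self-modifying write */
            v->sf = r >> 15;
            v->of = ((a ^ v->si) & (a ^ r)) >> 15;
            break;
        }
        case 0x7D: {                                     /* JGE rel8: taken when SF == OF */
            int8_t rel = (int8_t)fetch8(v);
            if (v->sf == v->of) v->ip = (uint16_t)(v->ip + rel);
            break;
        }
        case 0xCD: {                                     /* INT imm8 */
            uint8_t n = fetch8(v);
            if (n == 0x20) return v->steps;              /* INT 20h: terminate */
            if (n == 0x21 && (v->ax >> 8) == 0x09) {     /* INT 21h, AH=09h: print '$'-terminated string at DS:DX */
                for (uint16_t p = v->dx; v->mem[p] != '$' && v->outlen + 1 < sizeof v->out; p++)
                    v->out[v->outlen++] = (char)v->mem[p];
                break;
            }
            return -1;
        }
        default: return -1;
        }
    }
}

static struct vm g_vm;

/* Load, run, and hand back the finished machine state. */
const struct vm *eicar_demo(void)
{
    eicar_load(&g_vm);
    g_vm.steps = eicar_run(&g_vm);
    return &g_vm;
}

int main(void)
{
    const struct vm *v = eicar_demo();
    printf("%d instructions, DOS output: \"%s\"\n", v->steps, v->out);
    printf("bytes at 0140h after the SUBs: %02X %02X %02X %02X  (INT 21h, INT 20h)\n",
           v->mem[0x140], v->mem[0x141], v->mem[0x142], v->mem[0x143]);
    return 0;
}
```

The two SUBs turn "H+" and "H*" (2B48h and 2A48h) into 21CDh and 20CDh, i.e. CD 21 / CD 20, and the JGE's displacement of 24h ('$') lands exactly on them; AH is 09h and DX points at "EICAR-STANDARD-..." by then, so the run prints the message and exits, 20 instructions in all. Read the same bytes as 32-bit shellcode instead and none of this lines up, which is the disagreement evaluator and WaxfordSqueers had in the thread.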
  • WaxfordSqueers
    May 24th, 2020, 20:26
    @kayaker... Procmon on the target did not react to the host machine running WinDbg in k-mode. I'll have to check out ApiMon or maybe logger.exe in...
    12 replies | 742 view(s)
  • WaxfordSqueers
    May 24th, 2020, 20:24
    Thanks for the info Blabbs, very helpful. Re symenumtypes, I got it from the debug help library in dbghelp.chm. Maybe I am using the command...
    12 replies | 742 view(s)
  • blabberer
    May 24th, 2020, 01:34
    I don't recall any command named synenumtype, so obviously it errs because s is the command for Search Memory and it can't resolve ymen or symen as a...
    12 replies | 742 view(s)
  • WaxfordSqueers
    May 22nd, 2020, 16:53
    Hey...back in the bad old days, I used to program Basic straight into a computer to set up the heads on a disk drive. I actually wrote little...
    12 replies | 742 view(s)
  • Kayaker
    May 22nd, 2020, 06:37
    I remember doing some parallel port programming with QBasic, but I don't think that would help here :p OK, crazy reversing idea, would running an...
    12 replies | 742 view(s)
  • WaxfordSqueers
    May 21st, 2020, 19:29
    Thanks Kayaker. I have tried all the obvious things, now I need to do some reversing and find out where things are getting hung up. I have sent a...
    12 replies | 742 view(s)
  • Kayaker
    May 21st, 2020, 13:00
    Hey Wax. You seem to have had this problem for a long time. I've never set up anything like that, debugging over 2 computers, but the docs seem to...
    12 replies | 742 view(s)
  • WaxfordSqueers
    May 18th, 2020, 13:32
    Wracking my brain trying to find a scientific way to detect what is wrong with my k-mode connection between my W7 host and my XP target. It's the...
    12 replies | 742 view(s)
  • evaluator
    May 16th, 2020, 04:55
    Kayaker, c'mon.. 0F 3F is just an illegal instruction, artificially used by software as an opcode; surely you have heard about things like the VBox "opcodes".. while...
    11 replies | 769 view(s)
  • blabberer
    May 15th, 2020, 19:47
    The 0F 3F opcodes were used by Virtual PC as some backdoor communication with the host (vmsti, vmcli etc. (set interrupt, clear interrupt hooks)); you...
    11 replies | 769 view(s)
  • Kayaker
    May 15th, 2020, 15:11
    Kayaker replied to a thread XGETBV trickies in General Reversing
    Not xgetbv but another opcode I hadn't come across before, VPCEXT 7, 0Bh, used to detect the presence of VirtualPC. This is just an observation...
    11 replies | 769 view(s)
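The VirtualPC check built around those four bytes, as an added example and not code from any of the posts above: the form usually published for Windows wraps the emitted bytes in __try/__except; this version is for GCC on Linux and catches the fault as SIGILL instead. The function name detect_virtualpc is mine. The logic is the one the posts describe: 0F 3F 07 0B (VPCEXT 7, 0Bh) is an undefined opcode on a real CPU and raises #UD, so a process that survives executing it is talking to a hypervisor that implements the Virtual PC backdoor.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf vpc_env;

/* #UD arrives as SIGILL; bail back to the sigsetjmp below instead of dying. */
static void on_sigill(int sig)
{
    (void)sig;
    siglongjmp(vpc_env, 1);
}

/* Returns 1 when VPCEXT 7,0Bh executed without faulting and left EBX at zero (the
 * Virtual PC backdoor answered), 0 when the CPU raised #UD (a real CPU or any other
 * hypervisor), and -1 when the build is not x86 so the probe cannot run at all. */
int detect_virtualpc(void)
{
#if defined(__i386__) || defined(__x86_64__)
    struct sigaction sa, old;
    volatile int present = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGILL, &sa, &old) != 0)
        return -1;

    if (sigsetjmp(vpc_env, 1) == 0) {
        unsigned int eax = 1;   /* VPC function number, as in the classic Windows check */
        unsigned int ebx = 0;   /* stays zero only if the hypervisor handled the call */
        __asm__ volatile(".byte 0x0f, 0x3f, 0x07, 0x0b"   /* VPCEXT 7, 0Bh */
                         : "+a"(eax), "+b"(ebx)
                         :
                         : "memory");
        present = (ebx == 0);   /* reached only if no #UD was raised */
    }

    sigaction(SIGILL, &old, NULL);  /* put the previous disposition back */
    return present;
#else
    return -1;                      /* not x86: nothing to execute */
#endif
}

int main(void)
{
    int r = detect_virtualpc();
    printf("VPCEXT probe: %s\n", r == 1 ? "no fault, Virtual PC backdoor present"
                               : r == 0 ? "#UD raised, not Virtual PC"
                               : "not an x86 build, probe skipped");
    return 0;
}
```

On a real CPU, or under VirtualBox, VMware, KVM or Hyper-V, the run reports "#UD raised"; the presence indicator is the missing fault, not any value the instruction returns, which is why the check has to sit inside an exception or signal handler. It is also why Ghidra or a static disassembler will show nothing useful for those bytes, matching evaluator's point that 0F 3F only means something to the software that chose to trap it.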