Activity Stream

  • blabberer's Avatar
    June 4th, 2020, 09:44
    blabberer replied to a thread ReverseMe in Off Topic
    @kayaker if you want to run that code in windows 10 download and install vdos to say f:\vdos download grdb by ladsoft and copy grdb.exe to...
    13 replies | 296 view(s)
  • WaxfordSqueers's Avatar
    June 3rd, 2020, 15:25
    WaxfordSqueers started a thread real DOS in Off Topic
    Had a bit of a laugh today. Reading up on ntvdm.exe which is the DOS emulator for Windows. I am running XP and I opened a CMD window to see if it...
    0 replies | 16 view(s)
  • evaluator's Avatar
    June 3rd, 2020, 00:49
    evaluator replied to a thread ReverseMe in Off Topic
    those are text-char range opcodes, I met the likes of them previously in shellcode analyses. however in 32bit, code needs to find self address, thus...
    13 replies | 296 view(s)
  • WaxfordSqueers's Avatar
    June 2nd, 2020, 15:28
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    Sorry...I posted a bad link above. My reference to the Eicar test file was on Wayback Machine and I supplied the address of the bad URL rather than...
    13 replies | 296 view(s)
  • evaluator's Avatar
    June 2nd, 2020, 09:54
    evaluator replied to a thread ReverseMe in Off Topic
    'alternatively' you can make from those "text" chars "test.com" file and it will execute in dos mode.
    13 replies | 296 view(s)
  • Kayaker's Avatar
    June 1st, 2020, 18:20
    Kayaker replied to a thread ReverseMe in Off Topic
    I decided to try to emulate the self modifying code in the Eicar test file just for fun. The original bytes can't be used because of the requirement...
    13 replies | 296 view(s)
  • WaxfordSqueers's Avatar
    May 31st, 2020, 14:11
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    I saw no obvious start point so I presumed the first POP statement had AX initialized to 0. I started following the statements one by one, doing the...
    13 replies | 296 view(s)
  • evaluator's Avatar
    May 30th, 2020, 23:19
    evaluator replied to a thread ReverseMe in Off Topic
    well, that explanation assumes code as 16bit, while I assumed as 32bit shell-code
    13 replies | 296 view(s)
  • WaxfordSqueers's Avatar
    May 29th, 2020, 13:08
    WaxfordSqueers replied to a thread ReverseMe in Off Topic
    Click the Spoiler button on my last post. It reveals a couple of links explaining exactly what it is. The first link gives a step by step solution to...
    13 replies | 296 view(s)
  • evaluator's Avatar
    May 29th, 2020, 08:09
    evaluator replied to a thread ReverseMe in Off Topic
    I tried to 'imagine' environment of this 'shellcode' but ESI & EDI are unknown. well we can think about EDI in range of this code.. but nothings...
    13 replies | 296 view(s)
  • Kayaker's Avatar
    May 29th, 2020, 07:19
    Kayaker replied to a thread ReverseMe in Off Topic
    If you're protected you shouldn't be able to make a copy of that file (ctrl-c ctrl-v). Avast won't let me unless I do it in one of my 'excluded from...
    13 replies | 296 view(s)
  • blabberer's Avatar
    May 29th, 2020, 06:56
    blabberer replied to a thread ReverseMe in Off Topic
    the file itself tells what it is Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000000 58 35 4F 21 50 25 40 41 50 5B 34 5C 50...
    13 replies | 296 view(s)
  • Kayaker's Avatar
    May 28th, 2020, 18:55
    Kayaker replied to a thread ReverseMe in Off Topic
    I've been looking at the Windows Antimalware Scan Interface (AMSI) lately, and its relation to exploits particularly with PowerShell. ...
    13 replies | 296 view(s)