Binary Auditor - PE format rebuilding exercise solution

This forum focuses on analyzing malware and any aspects of dealing with packer protections.
Junior Member
Posts: 14
Joined: Thu Apr 04, 2013 9:04 pm

Post by encryptedmind »

Hi everyone, I am new to this forum. I would like to start by providing a link to Binary Auditor's PE format rebuilding exercise.

Exercise Link : www.binary-auditing.com

Solution Link : http://resources.infosecinstitute.com/hex-editor/

The provided file is a split PE that has to be recombined after generating headers for it as well. Further, the only tool used is a generic hex editor; additional features like byte histogram/entropy/opcode visualization etc. may be used as extras as and when needed. The goal is to keep it simple and quick.

I think the exercise is simple enough for beginner to intermediate malware analysts, as PE rebuilding is quite a common activity post-unpacking in many packed malware samples.

I hope you find it useful :)
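
As an added example (not part of the original post or the linked solution), here is one way to sanity-check the headers of a recombined PE after a hex-editor rebuild like the one described above. The function names and the sample image are constructed for illustration.

```python
import struct

SECTION = struct.Struct("<8sIIIIIIHHI")  # one 40-byte section table entry

def build_sample(raw_ptr=0x200):
    """Constructed minimal PE32 image with one .text section (not the exercise file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)            # SizeOfHeaders
    sec = SECTION.pack(b".text", 0x10, 0x1000, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    hdr = dos + coff + bytes(opt) + sec
    return hdr.ljust(0x200, b"\0") + b"\xC3".ljust(0x200, b"\0")

def check_rebuilt_pe(data: bytes) -> list[str]:
    """Return header inconsistencies found; an empty list means every check passed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing MZ signature or truncated DOS header"]
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return [f"e_lfanew {e_lfanew:#x} does not point at a PE signature"]
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24; table = opt + opt_size
    if opt_size < 40 or table + nsec * SECTION.size > len(data):
        return ["optional header too small or section table runs past end of file"]
    problems = []
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                   # PE32 / PE32+
        problems.append(f"unexpected optional header magic {magic:#x}")
    entry, file_align = struct.unpack_from("<I", data, opt + 16)[0], struct.unpack_from("<I", data, opt + 36)[0]
    entry_ok = entry == 0                             # an entry point of 0 is accepted here
    for i in range(nsec):
        name, vsize, rva, rsize, rptr, *_ = SECTION.unpack_from(data, table + i * SECTION.size)
        label = name.rstrip(b"\0").decode("ascii", "replace") or f"#{i}"
        if rsize and rptr + rsize > len(data):
            problems.append(f"{label}: raw data runs past end of file")
        if file_align and rptr % file_align:
            problems.append(f"{label}: PointerToRawData is not FileAlignment-aligned")
        entry_ok |= rva <= entry < rva + max(vsize, rsize)
    if not entry_ok:
        problems.append(f"entry point RVA {entry:#x} is outside every section")
    return problems
```

An empty result only means these structural fields agree with each other and with the file size; it does not prove the rebuilt image will load or run.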