HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)

Corelan Team (fancy) April 3, 2011
This article has 5,560 views

Introduction

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011:

http://conference.hackinthebox.org/hitbsecconf2011ams/?p=1333

 

This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge. As this was new to me, I documented how it works and wanted to share a short reversing write-up of the binary.

You can download the binary (windows_challenge.exe) here

 

Thanks to skier_ and the HITB crew for generating such an awesome CTF binary.

Come along………..and enjoy!

Fancy

 

Note: I used windows XP SP3 so maybe the addresses here in this video may differ from the addresses on your box.

Video

You can watch a full screen version here or download the video here



Similar/Related posts:

Default ThumbnailWhy Vista 32bit doesn’t use more than 3Gb of memory, even if you have more RAM installed Default ThumbnailReversing 101 – Solving a protection scheme Default ThumbnailCorelan T-Shirt contest – Derbycon 2012 Default ThumbnailStr0ke R.I.P. (or alive & kicking ?) Default ThumbnailHappy New Year – here’s my special gift to you, corelanc0d3r

Tags:

, , , , , ,

© Corelan Consulting BV. All rights reserved. ​The contents of this page may not be reproduced, redistributed, or republished, in whole or in part, for commercial or non-commercial purposes without prior written permission. See the Terms of Use and Privacy Policy for details.