HITB 2011 CTF - Reversing Vectored Exception Handling (VEH)

Corelan Team (fancy) April 3, 2011
This article has 6,339 views
Print Friendly, PDF & Email

Introduction

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011:

http://conference.hackinthebox.org/hitbsecconf2011ams/?p=1333

 

This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge. As this was new to me, I documented how it works and wanted to share a short reversing write-up of the binary.

You can download the binary (windows_challenge.exe) here

 

Thanks to skier_ and the HITB crew for generating such an awesome CTF binary.

Come along...........and enjoy!

Fancy

 

Note: I used windows XP SP3 so maybe the addresses here in this video may differ from the addresses on your box.

Video

Interesting links:

http://msdn.microsoft.com/en-us/magazine/cc301714.aspx
http://msdn.microsoft.com/en-us/library/ms681420%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms679274%28v=vs.85%29.aspx

I hope you found this useful πŸ™πŸ» πŸ€—


If you got value from this, pass it on to someone who should see it too. πŸ’›
Many thanks in advance!

If you want to learn all ins and outs on exploit development for Windows Userland, in a structured & hands-on way please check out my Corelan training classes. They're high-quality and affordable! And they're the perfect prep to obtain the CCED title.
We're teaching classes all over the world, check out our schedules page for more info.

Are you a student on a tighter budget? Check out β˜€οΈ Corelan Summercamp β˜€οΈ!

Of course, if you have any questions about this article, feel free to ask questions in our Discord server.

Follow me on socials!

Have a great day!

- Peter

Β© Corelan Consulting BV. All rights reserved. ​The contents of this page may not be reproduced, redistributed, or republished, in whole or in part, for commercial or non-commercial purposes without prior written permission from Corelan Consulting bv. See our Terms of Use & Privacy Policy (https://www.corelan.be/index.php/legal) for more details.

Discover more from Corelan | Exploit Development & Vulnerability Research

Subscribe to get the latest posts sent to your email.



Similar/Related posts:

Default ThumbnailMalicious pdf analysis : from price.zip to flashplayer.exe Debugging - WinDBG & WinDBGX Fundamentals Default ThumbnailWhy Vista 32bit doesn’t use more than 3Gb of memory, even if you have more RAM installed Default ThumbnailStarting to write Immunity Debugger PyCommands : my cheatsheet Default ThumbnailCorelan T-Shirt contest - Derbycon 2012

About the author

Tags:

, , , , , , ,