ollydbg | Corelan Cybersecurity ResearchCorelan Cybersecurity Research

Search Results for: ollydbg

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

Published December 10, 2013 |

Introduction Last weekend I had some time so I wanted to have a look at a reversing challenge which you can find here: https://www.ethicalhacker.net/features/special-events/reverse-engineering-101-newbie-contest-webcast-elearnsecurity Reverse Engineering 101 Contest Steps Get the exe to be hacked Break it open and start exploring. The only rule for the challenge is that it has to be solved by […]

Posted in Malware and Reversing | Tagged C#, challenge, corelan, corelan-be-facebook, corelan-coder, corelancoder, crack, dbi, dynamic binary instrumentation, elearnsecurity, elearnsecurity-reverse-engineering, hexedit, ida pro, immunity, m0n0sapiens, patching, Peter Van Eeckhoutte, pin, reverse engineering, reversing

Mirror for BoB’s Immunity Debugger projects

Published August 10, 2012 |

By Peter Van Eeckhoutte (corelanc0d3r)

This page serves as a mirror for 2 Immunity Debugger related projects, written by BoB. Unofficial PDK v1.03 for Immunity Debugger Original project page : http://bob.droppages.com/Projects/Immunity+Debugger/PDK Long ago in November 2008 I created an unofficial Immunity Debugger PDK, and I have now updated it in 2011 for the Immunity Debugger v1.8x plugin format changes. Plugins […]

Tagged article-on-ollydbg-by-corelan-team, best-ollydbg-modifications, download-immunity-debugger-with-plugins, download-imunity-debugger-plungin, exploit-writing-forum, immunity debugger, immunity-debugger-checking-vulnerability-in-exe-modules, immunity-debugger-download, immunity-debugger-exe, immunity-debugger-full-source, immunity-debugger-plugin, immunity-debugger-plugins, immunitydebugger-exe-is-missing-ollydbg, install-immunity-debugger-plugins, modified-immunity-debugger, mona-immunity-debugger, ollydbg-full-source, patch-with-immunity-debugger, plugins-immunity-pve, what-is-the-file-name-program-name-and-exploit-name-for-ollydbg

Reversing 101 – Solving a protection scheme

Published May 14, 2012 |

By Corelan Team (fancy)

In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading →

Posted in Malware and Reversing | Tagged active-directory-schema-update-log, app17win-zip, breakpoint, challenge, corelan, corelan-be, corelan-be-ollydbg, corelen-be, crack, ctf, hackthissite, HTS, immunity debugger, keygen, ollydbg-tutorial-command-alt-f9, password, reverse engineering, reversing, reversing-challenge-2012, wargame

Many roads to IAT

Published December 1, 2011 |

By Dinos

A few days ago a friend approached me and asked how he could see the import address table under immunity debugger and if this could be done using the command line.

I figured this would be a good time to take a look at what the IAT is, how we can list the IAT and what common reversing hurdles could be with regards to the IAT.
Continue reading →

Posted in Malware and Reversing | Tagged corelan, iat, ida, immunity, import address directory, import address table, impre, lordpe, monaida-plugin, ollydbg, python, rebuild iat, reconstruct, resetsearchinindex-ps1, restore, reverse, reverse engineering, reversing, view names, windbg

Starting to write Immunity Debugger PyCommands : my cheatsheet

Published January 26, 2010 |

By Peter Van Eeckhoutte (corelanc0d3r)

When I started Win32 exploit development many years ago, my preferred debugger at the time was WinDbg (and some Olly). While Windbg is a great and fast debugger, I quickly figured out that some additional/external tools were required to improve my exploit development experience. Despite the fact that the command line oriented approach in windbg […]

Posted in 001_Security, Development, Exploit Writing Tutorials, Scripts | Tagged api, assemble, cheatsheet, debugger, disassemble, hoe-to-use-mona-at-immunity-debugger, immlib, immunity, immunity debugger, immunity-cheatsheet, immunity-debugger-strcat, module, plugin, pycommand, python, readmemory, script, softice-debuger, tuto-immunity-debugger-python, tutorial-debugging-using-immunity

Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc

Published November 6, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Finally … after spending a couple of weeks working on unicode and unicode exploits, I’m glad and happy to be able to release this next article in my basic exploit writing series : writing exploits for stack based unicode buffer overflows (wow – that’s a mouthful). You may (or may not) have encountered a situation […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged 00410041, 0x00410041, 0x06, 0xeb, alpha2, BufferRegister, Building IA32 'Unicode-Proof' Shellcodes, chris anley, code page, Creating Arbitrary Shellcode in Unicode Expanded string, dave aitel, decoder, eax, eip, exploit, fx, msfencode, MultiByteToWideChar, nseh, null bytes, ollyuni, prepend, pvefindaddr, seh, shellcode, skylined, unicode, unicode jump seh, utf-16, utf-7, utf-8, venetian, vense.pl

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR

Published September 21, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

Introduction In all previous tutorials in this Exploit writing tutorial series, we have looked at building exploits that would work on Windows XP / 2003 server. The success of all of these exploits (whether they are based on direct ret overwrite or exception handler structure overwrites) are based on the fact that a reliable return […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !aslrdynamicbase, 2003, 4141414, 8, access violation, add esp, address space layout randomization, adjust ebp, adjust esi, alwaysoff, alwayson, aslr, before function returns, buffer, buffer overflow, bypass, call, compiler, cookie, data execution prevention, dep, dword ptr, exception handler, exploit, gs, hack, handler, immdbg, immunity, jmp, jump, Kifastsystemcallret, ldrpchecknxcompatibility, linker, loaded module, mov al, moveimages, next seh, non exec, nseh, ntsetinformationprocess, nx, ollydbg, optin, optout, partial overwrite, plugin, prevention, processexecute, protection, protectvirtualmemory, pvefindaddr, pycommand, python, ret2libc, safeseh, saved ebp, saved eip, se handler, se structure, sehop, stack, stack overflow, switch, virtual function call, vista, windbg, windows 7, xd, xp

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

Published September 5, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

In the first parts of this exploit writing tutorial, I have mainly used Windbg as a tool to watch registers and stack contents while evaluating crashes and building exploits. Today, I will discuss some other debuggers and debugger plugins that will help you speed up this process. A typical exploit writing toolkit arsenal should at […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !aslrdynamicbase, !findtrampoline, address call, address jmp, aslr, buffer, byakugan, call esp, eip, esp, esp found, findreturn, found valid, hunt, identbuf, immdbg, immunity, jmp, jmp esp, jutsu, listbuf, memdiff, metasploit, msec, pattern_create, pattern_offset, pop, pycommand, ret, return address, rmbuf, safeseh, searchopcode, shellcode, valid return, vista

Exploit writing tutorial part 3b : SEH Based Exploits – just another example

Published July 28, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

In the previous tutorial post, I have explained the basics of SEH based exploits. I have mentioned that in the most simple case of an SEH based exploit, the payload is structured like this : [Junk][next SEH][SEH][Shellcode] I have indicated that SEH needs to be overwritten by a pointer to “pop pop ret” and that […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged bof, buffer, corelan-be-seh, corelan-seh-tutorial, edx, eip, exploit, junk nseh, milw0rm, nseh, ollydbg, overflow, payload, perl, safeseh, seh, shellcode, stack, windbg, xcc

Exploit writing tutorial part 3 : SEH Based Exploits

Published July 25, 2009 |

By Peter Van Eeckhoutte (corelanc0d3r)

In the first 2 parts of the exploit writing tutorial series, I have discussed how a classic stack buffer overflow works and how you can build a reliable exploit by using various techniques to jump to the shellcode. The example we have used allowed us to directly overwrite EIP and we had a pretty large […]

Posted in 001_Security, Exploit Writing Tutorials, Exploits | Tagged !exploitable, buffer, buffer overflow, cygwin, dep, dll modload, exception, exception handler, exploit, exploit laboratory, fs:[0], handler, memdump, msec.dll, msfpescan, next seh, ollydbg, pop pop ret, safeseh, seh, shellcode, stack, stack overflow, teb, tib, windbg

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::

Search Results for: ollydbg

Using DBI for solving Reverse Engineering 101 – Newbie Contest from eLearnSecurity

Mirror for BoB’s Immunity Debugger projects

Reversing 101 – Solving a protection scheme

Many roads to IAT

Starting to write Immunity Debugger PyCommands : my cheatsheet

Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development

Exploit writing tutorial part 3b : SEH Based Exploits – just another example

Exploit writing tutorial part 3 : SEH Based Exploits

Corelan Training

Donate

Corelan Team Merchandise

Corelan on Slack

Actions

Categories

Hi there!

We have good news for you!