A suggestion for a disassembler/debugger?

[hullboy]

I downloaded Ollydbg and it seems a very nice free program to disassemble/debug.

I heard also about Ida Pro... is it really so better?

What's the disassembler/debugger you prefer? The one you use in preparing patches.

Do you have a fully functional version?

In case this is a subject not allowed here, please move it to the proper section :rolleyes:

[Atasas]

? what is it again?/ where from?

[Jota.Ce]

I read many posts in another forums (yeah i'm cheating on you, nsaners) and people i know are using Olly only.

I tried it and feels nice.

PS: But mine is a limited point of view.

[spootnack]

Hello.

Ask to Tony and the others, IDA is the most powerful, I think.... -_-

++

[hullboy]

Hello.

Ask to Tony and the others, IDA is the most powerful, I think.... -_-

++

Tony... who?

[spootnack]

Tony....blair => tonyblair

++

[tonyblair]

I downloaded Ollydbg and it seems a very nice free program to disassemble/debug.

What's the disassembler/debugger you prefer? The one you use in preparing patches.

:rolleyes:

You are welcome in our thread " Crack Heads III" , we will be very happy to increase our team with another reverser.

My point of view :

1- Reversing is like fixing a car : we need in the garage all different types of tools ( universal, special ..).

2- To come out with good result (patch or valid key) , we need to master if possible more than one debugger. (Olly, Ida, Windebug, Bochs, Reflector ..)

3- Hopefully we (reverser) are different in the approach we use to understand the assembly of an application and break its secrets. Thanks to the difference in our experience of life and then how our brain function. Some of us likes reading books and other watching movies.

Ida Pro has a graphical interface, for me it is magic. But for others it is useless.

So my point here is : The answer to your question is "experience" , your unique experience with any specific tool.

I heard also about Ida Pro... is it really so better?

There are very few documentation about how to use it. So If you are a beginner avoid it.

Do you have a fully functional version?

Funny question :lol:.

how to fix a car with a not fully functional screwdriver.

[hullboy]

Thank you all, guys, for your replies. :)

I managed to have a fully functional ;) version of Ida Pro 5.5 and I found this tutorial site

h**p://www.woodmann.com/TiGa/index.html

and this Board

h**p://www.woodmann.com/forum/index.php

that explain the subject.

I am only a newbie that wants to learn (but my age and allowable time do not favor this hobby)... we will see in the future if I will be able to join your Team.

All the best B) ;)

*EDIT*

I found also this nice site

h**p://www.tuts4you.com/download.php?list.17

to download some Ollydbg tutorials.

Could some explain why some "test" programs are seen as viruses? (for example in tutorial 15 & 20)

Even in Ollydbg official site I cannot download rtrace.exe because my NOD32 says it is a trojan.

Obviously they are False Positives but my question is "Why, such simple programs used as tutorials have something in their code similar to trojan/viruses"

[box]

I read many posts in another forums (yeah i'm cheating on you, nsaners) and people i know are using Olly only.

I tried it and feels nice.

PS: But mine is a limited point of view.

I tried it also with a tutorial on how to make your own keygen. For me, it was cold and distant just like staring in a mirror. It doesn't even say hi or greet you in the morning. That's not the type of relationship I am interested in. :wub:

I usually focus on full trial versions because my cracking ability is limited since I am not a software programmer by profession. I leave the keygen to the more advanced crakers. I usually try to make all my cracks without altering any of the original files. I suppose the authors wrote the codes that way for a reason. (Since I am not a software programmer, I would never know.)

[tonyblair]

Could some explain why some "test" programs are seen as viruses? (for example in tutorial 15 & 20)

Even in Ollydbg official site I cannot download rtrace.exe because my NOD32 says it is a trojan.

Obviously they are False Positives but my question is "Why, such simple programs used as tutorials have something in their code similar to trojan/viruses"

First of all : Reversing is not matter of age nor available time, it is a Hobby (you have it or you do not have it).

Please forget about test programs, crackme.exe and others.The best (for me) tutorial is : 

1- you choose a program funny enough for you  to crack

2- This application should not be packed (AsPack or similar). To Identify that, please use PROTECTiON iD v6.2.3

3- Install a VMware like VirtualBox and work only in this environment. (No more fear of trojan/viruses)

4- Disassemble it with debugger of your choice.

5- And learn by yourself step by step on how to use your debugger. Do not try to get quickly a result.

As you will face obstacles, you will for sure have questions. So please come back here and ask, we will be happy to help you.

I repeat here, the secret is your own experience with assembly language, knowledge of Windows API's and your tools.

Cheers  :coolwink:

  

[spootnack]

Could some explain why some "test" programs are seen as viruses? (for example in tutorial 15 & 20)

Even in Ollydbg official site I cannot download rtrace.exe because my NOD32 says it is a trojan.

Obviously they are False Positives but my question is "Why, such simple programs used as tutorials have something in their code similar to trojan/viruses"

First of all : Reversing is not matter of age nor available time, it is a Hobby (you have it or you do not have it).

Please forget about test programs, crackme.exe and others.The best (for me) tutorial is : 

1- you choose a program funny enough for you  to crack

2- This application should not be packed (AsPack or similar). To Identify that, please use PROTECTiON iD v6.2.3

3- Install a VMware like VirtualBox and work only in this environment. (No more fear of trojan/viruses)

4- Disassemble it with debugger of your choice.

5- And learn by yourself step by step on how to use your debugger. Do not try to get quickly a result.

As you will face obstacles, you will for sure have questions. So please come back here and ask, we will be happy to help you.

I repeat here, the secret is your own experience with assembly language, knowledge of Windows API's and your tools.

Cheers  :coolwink:

  

Very interessant, thanks Tony ! :rolleyes:

++

[hullboy]

Thanks :)

Is there a list of fundamental items to begin with this "hobby"?

Let me begin...

1. Ollydbg

2. Hiew

3. Resource Hacker

4. VirtualBox

5. .... what else?

[shajt]

In 1st place you need brain.

You can have all the tools in this world, it wouldn't help if you don't understand what is going on.

You can start with tutorials (lena tutorials are great for newbies) and then try to reverse something without any help, starting with something simple.

You gotta have some knowledge of machine code, I can recommend this (I haven't seen this one because I don't need it but it's video tutorial and I guess it's good, and it's new which is good) :

http://www.freshwap.net/forums/e-books-tutorials/183411-vtc-assembly-language-programming-2009-a.html

Best of luck, if you have some questions feel free to ask :)

[tonyblair]

@shajt my friend.

You have always very good links.  :D

I am downloading your e-book, to see what is inside. :)

[shajt]

It's not e-book , like I've said...Video tutorial (he will better understand from video then reading e-book) :)

And btw you don't need that :P

[shajt]

I've downloaded it and saw few lessons.

Wow, this is pretty good stuff, author is old school (and I'm huge fan of old school ^_^ ) , he talks funny and I enjoyed watching it.

I'm for sure gonna watch it all the way, there is always something to learn ;)

It may sound scary and confusing for newbie but I don't think that there is a better tutorial on ASM

Yeah, it's hard but you either dig it or you don't :)

[hullboy]

Thanks

I found also some nice video tutorials here

h**p://www.binary-auditing.com/videos/

Anyway you haven't yet replied about the "minimal kit" ;)

[shajt]

Only tool you need is OllyDbg.

Of course first thing before using Olly is to find out if target is packed and with what, you can use PEID for that or ProtectionID

You can use any other tool only if you need it, sometimes you will need them but in most cases Olly is everything you'll need.

Listen....go here and watch all this tutorials , start from very first and don't skip (for example don't watch number 04 if number 01 is not seen etc.) , tutorials are linear and in perfect order.

You can find all tutorials here :

http://tuts4you.com/download.php?list.17

The table of contents:

1. Olly + assembler + patching a basic reverseme

2. Keyfiling the reverseme + assembler

3. Basic nag removal + header problems

4. Basic + aesthetic patching

5. Comparing on changes in cond jumps, animate over/in, breakpoints

6. _The plain stupid patching method_, searching for textstrings

7. Intermediate level patching, Kanal in PEiD

8. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor

9. Explaining the Visual Basic concept, introduction to SmartCheck and

configuration

10. Continued reversing techniques in VB, use of decompilers and a basic

anti-anti-trick

11. Intermediate patching using Olly's _pane window_

12. Guiding a program by multiple patching.

13. The use of API's in software, avoiding doublechecking tricks

14. More difficult schemes and an introduction to inline patching

15. How to study behaviour in the code, continued inlining using a pointer

16. Reversing using resources

17. Insights and practice in basic (self)keygenning

18. Diversion code, encryption/decryption, selfmodifying code and polymorphism

19. Debugger detected and anti-anti-techniques

20. Packers and protectors : an introduction

21. Imports rebuilding

22. API Redirection

23. Stolen bytes

24. Patching at runtime using loaders from lena151 original

25. Continued patching at runtime & unpacking armadillo standard protection

26. Machine specific loaders, unpacking & debugging armadillo

27. tElock + advanced patching

28. Bypassing & killing server checks

29. Killing & inlining a more difficult server check

30. SFX, Run Trace & more advanced string searching

31. Delphi in Olly & DeDe

32. Author tricks, HIEW & approaches in inline patching

33. The FPU, integrity checks & loader versus patcher

34. Reversing techniques in packed soft & A S&R loader for aspr

35. Inlining inside polymorphic code

36. Keygenning

37 In-depth unpacking & anti-anti-debugging a combination packer / protector.

38 This time unpacking is continued & she takes a look in to the world

of debugger detection by DLL's and TLS.

39 Inlining a blowfish scheme in a packed & CRC protected DLL +

unpacking ASProtect SKE 2.2

40 Obfuscation and algorithm hiding.

[hullboy]

Thanks :)

I found also this one

h**p://forum.accessroot.com/arteam/site/news.php

with a lot of tutorials

and today I read and made exercises with the "PE File Format Compendium", and inside it I learned how

"Adding Code to a PE File" and

"Adding Imports to an Executable" with Olly and LordPE

A lot of things to learn and have fun ;)

[box]

Only tool you need is OllyDbg.

Of course first thing before using Olly is to find out if target is packed and with what, you can use PEID for that or ProtectionID

You can use any other tool only if you need it, sometimes you will need them but in most cases Olly is everything you'll need.

Listen....go here and watch all this tutorials , start from very first and don't skip (for example don't watch number 04 if number 01 is not seen etc.) , tutorials are linear and in perfect order.

You can find all tutorials here :

http://tuts4you.com/download.php?list.17

The table of contents:

1. Olly + assembler + patching a basic reverseme

2. Keyfiling the reverseme + assembler

3. Basic nag removal + header problems

4. Basic + aesthetic patching

5. Comparing on changes in cond jumps, animate over/in, breakpoints

6. _The plain stupid patching method_, searching for textstrings

7. Intermediate level patching, Kanal in PEiD

8. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor

9. Explaining the Visual Basic concept, introduction to SmartCheck and

configuration

10. Continued reversing techniques in VB, use of decompilers and a basic

anti-anti-trick

11. Intermediate patching using Olly's _pane window_

12. Guiding a program by multiple patching.

13. The use of API's in software, avoiding doublechecking tricks

14. More difficult schemes and an introduction to inline patching

15. How to study behaviour in the code, continued inlining using a pointer

16. Reversing using resources

17. Insights and practice in basic (self)keygenning

18. Diversion code, encryption/decryption, selfmodifying code and polymorphism

19. Debugger detected and anti-anti-techniques

20. Packers and protectors : an introduction

21. Imports rebuilding

22. API Redirection

23. Stolen bytes

24. Patching at runtime using loaders from lena151 original

25. Continued patching at runtime & unpacking armadillo standard protection

26. Machine specific loaders, unpacking & debugging armadillo

27. tElock + advanced patching

28. Bypassing & killing server checks

29. Killing & inlining a more difficult server check

30. SFX, Run Trace & more advanced string searching

31. Delphi in Olly & DeDe

32. Author tricks, HIEW & approaches in inline patching

33. The FPU, integrity checks & loader versus patcher

34. Reversing techniques in packed soft & A S&R loader for aspr

35. Inlining inside polymorphic code

36. Keygenning

37 In-depth unpacking & anti-anti-debugging a combination packer / protector.

38 This time unpacking is continued & she takes a look in to the world

of debugger detection by DLL's and TLS.

39 Inlining a blowfish scheme in a packed & CRC protected DLL +

unpacking ASProtect SKE 2.2

40 Obfuscation and algorithm hiding.

I haven't watched the video yet, but did it mentioned me at all in #6.

[shajt]

I haven't watched the video yet, but did it mentioned me at all in #6.

xexe nice one ;)

btw she is very good, would have never guessed that author of these videos is a women :wub: