Shub-nigurrath
August 8th, 2007, 08:19
Hi all,
this time the announcement is very special for two reasons: this is another tutorial I wrote these days, and it is number 200.
Yes, we have released 200 original, unreleased tutorials so far. This is an astonishing result, and I wish to thank all our fellows in this adventure and all of those who contributed by writing tutorials and, generally speaking, keeping our community alive and so active. Let us continue this wonderful experiment we call ARTEAM; it has to live for a long time still.
This is the tutorial..
Reversing Of A Protection Scheme Based On Drivers: Sandboxie
Sometimes it happens that you fall into an interesting protection which reveals itself to be nicely implemented and nice to describe in a tutorial. This time it is the turn of Sandboxie, a program that has a nice protection scheme. I thought it could be useful to reverse it and document it in a tutorial, mostly because I used a combination of OllyDbg and the IDA debugger a lot. This time I preferred using IDA as much as possible to understand the code, and then OllyDbg only to verify the assumptions made. This method of investigation is very common when you have to analyze malware, but it is also very handy, because IDA allows saving reversing sessions, code editing, name changing and so on.
http://tutorials.accessroot.com
BR,
Shub