new friends


manthis
June 18th, 2009, 10:48
Hello new friends. I've floated on this forum for a couple months deciding if I wanted to be a member or not.

I made my decision obviously.

For the first post of my membership I'd hate to ask a question, but since I am having it right now I figured I'd ask. I have a goal set in my head that I can break an example program by xxx date. This forces me to learn, since I am very bad without setting goals.

I am currently reversing an executable that, as far as I can tell, is C++/.NET.

PEiD identifies what I surmised, but I am pretty sure there is encryption/obfuscation at work. The use of writing to address space 0x00000000 leads me to believe there is some primitive anti-debug.

I found plaintext "xenocode" in the executable and it appears that there is a commercial product for obfuscation by the same name.

When I try to pause execution and start again the application terminates.

I'm not sure if that is due to use of RDTSC / CPUID method yet because I am still analyzing the code.



Any advice on how I can better tackle the task?

I'm using OllyDbg, with OllyDump, OllyAdvanced, OllySync and IDA Pro.

manthis
June 18th, 2009, 13:04
Nvm.

Found what I needed I think.