manthis
June 18th, 2009, 10:48
Hello new friends. I've floated on this forum for a couple months deciding if I wanted to be a member or not.
I made my decision obviously.
For the first post of my membership I'd hate to ask a question, but since I am having it right now I figured I'd ask. I have a goal set in my head that I can break an example program by xxx date. This forces me to learn, since I am very bad without setting goals.
I am currently reversing an executable that, as far as I can tell, is C++/.NET.
PEiD identifies what I surmised, but I am pretty sure there is encryption/obfuscation at work. The use of writes to address space 0x00000000 leads me to believe there is some primitive anti-debug.
I found plaintext "xenocode" in the executable and it appears that there is a commercial product for obfuscation by the same name.
When I try to pause execution and start again the application terminates.
I'm not sure if that is due to use of RDTSC / CPUID method yet because I am still analyzing the code.
Any advice on how I can better tackle the task?
I'm using OllyDbg with OllyDump, OllyAdvanced and OllySync, plus IDA Pro.