You are here: Hex Rays > Hex-Rays Blog

Hex-Rays Blog ^{State of the art code analysis}

Page 22 of 22

Stealth plugin

Posted on: 13 Nov 2005

By: Ilfak Guilfanov

Categories: Uncategorized

Tags:

The last time I showed you a simple trick with conditional breakpoints. Today I will present you a plugin which automates these breakpoints – to the extent that a protected malware like the Zotob worm can be unpacked.

Simple trick to hide IDA debugger

Posted on: 04 Nov 2005

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

Quite often IDA users ask for a plugin or feature to hide the debugger from the application. In fact there are many anti-debugging tricks and each of them requires an appropriate reaction from the debugger, let’s start with something simple: we will make the IsDebuggerPresent function call always return zero.

Several files in one IDB, part 4

Posted on: 30 Oct 2005

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

Final method of loading several files into a database

TLS callbacks

Posted on: 25 Oct 2005

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

I promised to tell you about the TLS callbacks. Here is the discussion.

Several files in one IDB, part 3

Posted on:

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

The third method to create a database with several PE files.

Several files in one IDB, part 2

Posted on: 22 Oct 2005

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

The second method to create a database with several PE files.

Several files in one IDB

Posted on: 19 Oct 2005

By: Ilfak Guilfanov

Categories: IDA Pro

Tags:

IDA Pro can load one PE file into a database and analyze it. Some users assume this is the maximum. Let’s take a closer look at the situation…

Welcome!

Posted on: 13 Oct 2005

By: Ilfak Guilfanov

Categories: Uncategorized

Tags:

This is the first entry in the blog.

>

< 1 2 3 … 20 21 22