Comments on: R4ndom’s Tutorial #22: Code Caves and PE Sections

By: tasikmalaya

tasikmalaya — Tue, 09 Jul 2013 18:00:29 +0000

the file used this method now always detected as virus by an antivirus, but loader or injector is still safe

By: kdma

kdma — Fri, 12 Oct 2012 12:38:59 +0000

great crackme with just one call its possibile to make it keygen itself

By: R4ndom

R4ndom — Fri, 28 Sep 2012 22:09:12 +0000

Because I forgot.

By: Lee

Lee — Fri, 28 Sep 2012 20:26:31 +0000

Also, why “xor eax, eax; push eax” instead of “push 0″?

By: Lee

Lee — Thu, 27 Sep 2012 21:08:57 +0000

Second code cave (keygenme.exe) quits if it detects a debugger, but it’s easy enough to patch out:

Address 004012B2: JE to JMP
Or NOP the whole thing, etc.

By: Hanan

Hanan — Mon, 24 Sep 2012 07:02:13 +0000

Seems that the second file Keygenme2.exe has antidebugging routines and doesn’t work good at my win7.

Good work.

By: R4ndom

R4ndom — Thu, 20 Sep 2012 23:59:37 +0000

I agree with you that, when dealing with snippets, CodeSnippetCreater is far and away more feature rich, but in the context of adding code caves to Olly, I will choose MUltimate Assembler every time.

By: Ange

Ange — Thu, 20 Sep 2012 21:34:40 +0000

Multimate is awesome to keep useful snippets under the hood, but if you want to do some very serious ASM patching, try Iczelion’s CodeSnippetCreator – it’s just much more powerful!

By: symeon

symeon — Thu, 20 Sep 2012 19:12:10 +0000

Wow, fantastic post, thanks for that!
Cheers.