Feryno over at the x86asm.net site has released a debugger for AMD 64-bit apps. Looks very promising, and it goes to show what can be accomplished in assembly language (this debugger uses FASM.) As you can see, there is a tremendous amount of data displayed in the debugger:
There is also a version for Linux.
Let’s start by adding an icon. Load up our HelloWorld project from the last tutorial. Click on Project->Resources. This will bring up the Resources window:
We continue our tutorials on RadASM by creating a new project that creates a dialog box with two bitmaps and two buttons. You can download the required files in the download of this tutorial on the tutorials page.
Just in time for my next tutorial on TLS callbacks, Waliedassar has been gracious enough to release a new version of his awesome plugin TLSCatch for OllyDBG 1.0. In case you don’t know, TLS callbacks allow code to be run BEFORE Olly has a chance to trap execution. This technique is used often (and more and more so recently) by malware to thwart reverse engineers. TLSCatch enables Olly to stop execution at the beginning of a TLS callback, allowing the very first code that is run in the executable to be viewed.
You can download v 0.3 on the tools page. I will also be including it in the download of my next tutorial.
As some of you know, in the forums I brought up what the ultimate cracking/reversing tool would look like. There are several cracking tools out there. By ‘cracking tool’ I mean tools that are specifically designed to make a cracker/reverse engineer’s life easier. These currently include such features as
I decided to have a look at some of the various tools that perform some of these functions, just to get a frame of reference on what’s available and what’s not. I have thus compiled a list of the more popular ones, what their functions are, and my opinion of them. At the end, I will propose some addition features that would go into an ‘ideal’ tool. Who knows, maybe someone will pick up the charge.
Note: I will not be including any tools that just do one thing, for example packer detectors that only identify packers.
Many of you have probably heard of Resource Hacker FX and 7+ Taskbar Tweaker from RaMMicHaeL (if you haven’t, check them out).Well, he has a (relatively) new plugin for Olly v1 that is a true life saver. Is is called MUltimate Assembler . Where this guy really shines is when doing code caves and adding a lot of code for packers. It is a plugin that allows multi-line assembling, with support for labels and C-style strings:
Heck, you could even use it as an assembly language IDE!. In my next tutorial, on code caves, I will be using this great plugin so you will be able to see it in action.
Also, as RaMMichaeL is doing the Good Work out there, if you have a chance and like his plugin, consider donating . Too few of the contributes out there get recognition for what they’re doing.
http://rammichael.com/
ps.You can also download the plugin on the tools page.
DonDD from the REPT forums has come out with a new tool that I have been looking for for a long time. A simple compare utility that compares disassembled code. I have tons of compare utilities, all that compare raw hex bytes, but none of them will show the differences based on a disassembly of the binaries. This tool is simple, yet powerful. You can view the differences or save them into a log file. You can also compare raw hex and PE Headers. If you’ve ever written tutorials on patching binaries, you know why this is such a needed tool. DonDD is my new hero. In fact, I am so happy that this tool came out, I am adding it to my Reverse Engineering Toolbox tutorial .
If for some reason the link fails above, I have also posted this utility on the tools page.
Zer0Flag, an official friend of the Legend of Random site, has released a new plugin for OllyDBG 2.0 called OllyCallstack. From the author:
“Just wanted to get into the development of OllyDbg Plugins and displaying the call stack is a feature that I missed in Olly 2.x so I wrote a little Plugin which offers some basic information about the call stack.”
(Click on picture to view larger image)
“The Function at the top is always the last called and a double click on a row brings you to the disassembly view with the selected address. But you need a target loaded and it must be in suspended mode else the window won´t show you the call stack. Also it doesn´t update when you step while having the window of the Plugin open so you need to press the Plugin function in your menu again to update the view.
Plugin + Source is in the attachment – Tested with OllyDbg 2.01b2 on WinXP SP3 and Win7 SP1″
The plugin is available on the tools page. Any comments, suggestions or questions? Leave a comment here and Zer0Flag will be checking this page, answering questions and what-not. Nice going Zer0Flag, and keep up the good work.
Welcome to Part 7 of of R4ndom’s tutorials on Reverse Engineering. This time, we will be cracking two crackmes; one to re-iterate last tutorial’s concepts, and one that we are going to have a little fun with 
In the download of this tutorial, you will find these two crackmes as well as the program “Resource Hacker” that we will be using on the second crackme. You can also download this tool on the tools page.
You can download the files and PDF version of this tutorial on the tutorials page.
