Archive for October, 2012

An Amazing Vulnerability Discovery Regarding Rar Files

Tavis Ormandy has come out with an amazing article on exploiting .rar files. It turns out the RAR format contains a small virtual machine, normally used to run decompression filters, that can also be programmed by hand. Tavis shows how a hello world program can be executed automatically when a .rar file is opened. I am sure we will hear more about this exploit in the future. In the meantime, read the article. It’s fascinating…


The Real Workers Behind T.L.O.R.

I just wanted to take a minute and give a shout out to the moderators of this site. Without them, this site would not be anywhere near as good as it is. Besides the constant bombardment of spam they have to deal with (one of the perks of a site growing in popularity), they also answer questions with lightning speed and contribute a great deal behind the scenes.

So cheers to Nwokiller and Xor06 (Rip06), and thanks for all the hard work!


DLL Injection – A Splash Bitmap

There are a couple of ways of injecting a splash screen into a binary, and unfortunately none of them is easy. The way I will show in this tutorial is the easiest I’ve come across, though there may be simpler options out there. The problem arises from the fact that a bitmap is a resource, and as such goes in the resource section of a binary. Injecting a resource into a compiled binary’s resource section means rebuilding the resource directory tree and fixing up every offset in it, which is a recipe for a quick headache.

The method we’ll be using is to create a DLL file with the resource included in it, and then have our target binary load this DLL. Because it’s a DLL, we can get it loaded automatically while changing very little in the binary: we just add it to the binary’s import table, the list of DLLs the binary requires. This also gives us the benefit that the code in our DLL’s entry point (DllMain) runs automatically when the loader maps it, instead of us having to create a code cave.

In this tutorial we will be creating a DLL from scratch in assembly, so you will need an assembler. I use the RadASM IDE with MASM (and it will be more convenient if you use this IDE as well, as your code will exactly match mine), but it is not a requirement. If you are not comfortable using RadASM and want to learn, please see my series of tutorials on RadASM on the tutorials page, which comes with a full download of the RadASM suite and everything you need to run it.

As with all of my tutorials, the required files for this tutorial are in the downloads, available on the tutorials page. In addition to these files, we will be using IIDKing, available on the tools page.

If you haven’t already read my previous tutorials on modifying binaries, I highly recommend you do (at least the tutorial on injecting a message box).
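To make the mechanism concrete before the walkthrough, here is an added example of the kind of DLL the method relies on. It is my own illustration, not the code from the tutorial download: a minimal MASM32 DLL whose entry point, run by the loader as soon as the target imports it, shows a bitmap resource as a splash screen. It assumes a resource script splash.rc containing `100 BITMAP "splash.bmp"`, a module definition file splash.def that exports a dummy symbol named `Splash` (the name you would then have IIDKing add to the target’s import table), and the standard MASM32 include and library paths; all of those are assumptions of the example, not things the page specifies. Two caveats a practitioner will want: the bitmap must be loaded through the DLL’s own hInstance (GetModuleHandle(NULL) would search the host EXE and fail), and DllMain runs under the loader lock, so the UI work is pushed to a new thread that DllMain must not wait on.

```masm
; splash.asm - added example, not the tutorial's code.
; Assumed companion files:
;   splash.rc  : 100 BITMAP "splash.bmp"
;   splash.def : LIBRARY splash
;                EXPORTS Splash
; Build: ml /c /coff splash.asm
;        rc splash.rc
;        link /SUBSYSTEM:WINDOWS /DLL /DEF:splash.def splash.obj splash.res
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\gdi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\gdi32.lib

IDB_SPLASH   equ 100      ; resource id used in splash.rc (assumed)
SPLASH_MS    equ 2000     ; how long the splash stays on screen
TIMER_ID     equ 1

.data
szStatic     db "STATIC", 0

.data?
hInstance    dd ?         ; the DLL's own module handle, saved in DllEntry

.code
; Runs on its own thread so the window work happens outside the loader lock.
SplashThread proc lpParam:DWORD
    LOCAL hBmp:DWORD
    LOCAL bm:BITMAP
    LOCAL hwnd:DWORD
    LOCAL x:DWORD
    LOCAL y:DWORD
    LOCAL msg:MSG

    ; The bitmap lives in the DLL's resource section, so load it through the
    ; DLL's hInstance; GetModuleHandle(NULL) would search the host EXE instead.
    invoke LoadBitmap, hInstance, IDB_SPLASH
    .if eax == NULL
        mov eax, 1
        ret
    .endif
    mov hBmp, eax
    invoke GetObject, hBmp, sizeof BITMAP, addr bm

    ; centre the splash on the primary screen
    invoke GetSystemMetrics, SM_CXSCREEN
    sub eax, bm.bmWidth
    shr eax, 1
    mov x, eax
    invoke GetSystemMetrics, SM_CYSCREEN
    sub eax, bm.bmHeight
    shr eax, 1
    mov y, eax

    ; a borderless top-level STATIC control with SS_BITMAP paints the bitmap for us
    invoke CreateWindowEx, WS_EX_TOPMOST or WS_EX_TOOLWINDOW, addr szStatic, NULL, \
           WS_POPUP or WS_VISIBLE or SS_BITMAP, x, y, bm.bmWidth, bm.bmHeight, \
           NULL, NULL, hInstance, NULL
    mov hwnd, eax
    invoke SendMessage, hwnd, STM_SETIMAGE, IMAGE_BITMAP, hBmp

    ; pump messages (so WM_PAINT is delivered) until the timer fires
    invoke SetTimer, hwnd, TIMER_ID, SPLASH_MS, NULL
    .while TRUE
        invoke GetMessage, addr msg, NULL, 0, 0
        .break .if eax == 0
        .break .if msg.message == WM_TIMER
        invoke TranslateMessage, addr msg
        invoke DispatchMessage, addr msg
    .endw
    invoke KillTimer, hwnd, TIMER_ID
    invoke DestroyWindow, hwnd
    invoke DeleteObject, hBmp
    xor eax, eax
    ret
SplashThread endp

; Exported stub: the target must import at least one symbol from this DLL
; (this one) for the loader to map it and call DllEntry at all.
Splash proc
    ret
Splash endp

DllEntry proc hInstDLL:DWORD, reason:DWORD, reserved:DWORD
    .if reason == DLL_PROCESS_ATTACH
        push hInstDLL
        pop hInstance
        ; Only spawn the thread here; never wait for it inside DllMain, because
        ; the new thread cannot start until the loader lock is released.
        invoke CreateThread, NULL, 0, offset SplashThread, NULL, 0, NULL
        invoke CloseHandle, eax
    .endif
    mov eax, TRUE
    ret
DllEntry endp
End DllEntry
```

Once the target imports `Splash` from splash.dll, nothing else in the target has to change: the Windows loader maps the DLL during process start-up, calls DllEntry with DLL_PROCESS_ATTACH, and the splash appears before the target’s own entry point runs. The same property is why an unexpected entry in an import table deserves a second look during analysis.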



Gentle Introduction to Windows Assembly Language

I came across this nice intro to assembly on Windows while looking at another site. It is by Jeff Huang. Definitely not all-encompassing, but a nice intro to the subject.


Assembly Tutorial For Java Programmers

Ayoub Faouzi has just started a series of odd but interesting tutorials at Infosec comparing assembly to Java and showing how the two differ. Very intriguing angle. Check it out.


Mission Control

DPOHS BUVMB UJPOT ZPVIB WFTPM WFEBT JNQMF DJQIF
STUPQ UIJTN FBOTZ PVIBW FUIFT LJMTB OEUIF EFTJS
FUPGJ HVSFU IJOHT PVUTU PQJGZ PVTPM WFUIJ TDJQI
FSQNN FBOEM FUNFL OPXZP VSVTF SOBNF BTJBN NBLJO
HBMJT UPGDJ QIFSI FBETEP OPUQP TUBOZ UIJOH BCPVU
UIJTT UPQTU BZUVO FEGPS NPSFJ OTUSV DUJPO TTUPQ
SBOEPN


Copyright © 1996-2010 The Legend Of Random. All rights reserved.