Archive for March 3, 2012

IDA Pro Book, 2nd Edition

Posted: March 3, 2012 in IDA Pro Book
Tags:

The Unofficial Guide to the World’s Most Popular Disassembler
by Chris Eagle

No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you’ll learn how to turn that mountain of mnemonics into something you can actually use.

Save time and effort as you learn to:

  • Navigate, comment, and modify disassembly
  • Identify known library routines, so you can focus your analysis on other areas of the code
  • Use code graphing to quickly make sense of cross references and function calls
  • Extend IDA to support new processors and filetypes using the SDK
  • Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
  • Use IDA’s built-in debugger to tackle hostile and obfuscated code

Table of Contents

Acknowledgments
Introduction

PART I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: IDA Pro Background

PART II: Basic IDA Usage
Chapter 4: Getting Started with IDA
Chapter 5: IDA Data Displays
Chapter 6: Disassembly Navigation
Chapter 7: Disassembly Manipulation
Chapter 8: Datatypes and Data Structures
Chapter 9: Cross-References and Graphing
Chapter 10: The Many Faces of IDA

PART III: Advanced IDA Usage
Chapter 11: Customizing IDA
Chapter 12: Library Recognition Using FLIRT Signatures
Chapter 13: Extending IDA’s Knowledge
Chapter 14: Patching Binaries and Other IDA Limitations

PART IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
Chapter 16: The IDA Software Development Kit
Chapter 17: The IDA Plug-in Architecture
Chapter 18: Binary Files and IDA Loader Modules
Chapter 19: IDA Processor Modules

PART V: Real-World Applications
Chapter 20: Compiler Personalities
Chapter 21: Obfuscated Code Analysis
Chapter 22: Vulnerability Analysis
Chapter 23: Real-World IDA Plug-ins

PART VI: The IDA Debugger
Chapter 24: The IDA Debugger
Chapter 25: Disassembler/Debugger Integration
Chapter 26: Additional Debugger Features

Appendix A: Using IDA Freeware 5.0
Appendix B: IDC/SDK Cross-Reference
Index

Download link: (Đủ bộ gồm các định dạng pdf, mobi, epub)

http://www.mediafire.com/?9nw6vmnmjltl39n

Stud_PE 2.6.0.6

Posted: March 3, 2012 in Stud_PE 2.6.0.6
Tags:

Stud_PE The Portable Executables Viewer/Editor (32/64 bit PE files)
view/edit PE basic Header information (DOS also):
  -header structures to hexeditor;
view/edit Section Table:
  – add new section;
view/edit Directory Table:
  -Import/Export Table viewer;
  -Import adder;
  -Resource viewer/editor (save/replace ico/cur/bmp);
Pe Scanner (PEiD sig database):
  -400 packers/protectors/compilers;
Task viewer/dumper/killer;
PEHeader/Binary file compare;
RVA to RAW to RVA;
Drag’nDrop shell menu integration;
Basic HexEditor;

Process regions’ dumper/viewer/editor;

2.6.0.6 – 27 feb 2012
-switched the project from vc6 to VC8; just for your information about 60 Errors and 600 warnings after project conversion; take care, those secure crt fixups drived me crazy, errors may have slept through:); if so, please report and I’ll try to fix them;
– unfortunatelly VC8 breaks the w95 compatibility (shlwapi.dll appears at imports due to mfc AddToRecentFileList which links that dll, not known to w95 os; aslo IsDebuggerPresent not present in w95 but linked by vc8 …and who knows which other functins);
-fixed a gpf reported on program exit;
…more inside nfo.txt

Download here:

http://www.cgsoftlabs.ro/zip/Stud_PE.zip

Regards


Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you’ll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You’ll learn how to:

  • Set up a safe virtual environment to analyze malware
  • Quickly extract network signatures and host-based indicators
  • Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
  • Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
  • Use your newfound knowledge of Windows internals for malware analysis
  • Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
  • Analyze special cases of malware with shellcode, C++, and 64-bit code
  • Table of Contents

Introduction
Chapter 0: Malware Analysis Primer

Part 1: Basic Analysis
Chapter 1: Basic Static Techniques
Chapter 2: Malware Analysis in Virtual Machines
Chapter 3: Basic Dynamic Analysis

Part 2: Advanced Static Analysis
Chapter 4: A Crash Course in x86 Disassembly
Chapter 5: IDA Pro
Chapter 6: Recognizing C Code Constructs in Assembly
Chapter 7: Analyzing Malicious Windows Programs

Part 3: Advanced Dynamic Analysis
Chapter 8: Debugging
Chapter 9: OllyDbg
Chapter 10: Kernel Debugging with WinDbg

Part 4: Malware Functionality
Chapter 11: Malware Behavior
Chapter 12: Covert Malware Launching
Chapter 13: Data Encoding
Chapter 14: Malware-Focused Network Signatures

Part 5: Anti-Reverse-Engineering
Chapter 15: Anti-Disassembly
Chapter 16: Anti-Debugging
Chapter 17: Anti-Virtual Machine Techniques
Chapter 18: Packers and Unpacking

Part 6: Special Topics
Chapter 19: Shellcode Analysis
Chapter 20: C++ Analysis
Chapter 21: 64-Bit Malware

Appendix A: Important Windows Functions
Appendix B: Tools for Malware Analysis
Appendix C: Solutions to Labs

Download here:

http://www.mediafire.com/?tvtp54ls0dozv6b

Best Regards