reverse-engineering

I don't really understand how to get around IsDebuggerPresent. I think I am supposed to find the registers used for debugging and then set it to 0 to trick IsDebuggerPresent, but I don't know how to do that. I tried searching around Google, and even tried a few solutions but it didn't really work for me. Could someone please explain to me how this should work and how I can bypass this? There are many ways to do it. As you said, it's possible to patch the program's thread block. Here is a tutorial, how to get around IsDebuggerPresent, by simply patching this function so it always returns 0. 1)

I wrote an application that encrypts text in this way: Get the input text Reverse the text Convert to hexadecimal XOR with a key Base64 encode Now, I didn't do a lot of encryption/encoding myself, so my question might sound stupid, but, say I get a file which has a content from the above algorithm and I didn't know about this algorithm. How would one start "breaking" the text, are there any guidelines, principals, rules to follow? My question is not tied to those 5 steps, that was a pure example. As a different example, take the text: A751CD9E1F99. How would I start investigating what this

What should I choose NASM or MASM for learning assembly. I want to learn assembly, motivation being Reverse Engineering. So that when I disassemble some executable, I can understand the code by looking at disassembled code. Update: I think I dint make my self clear.. I understand those are assemblers, but to understand the output of a disassembler I need to know assembly and that's the reason I'm asking where to start(with MASM or NASM) Assuming you want to learn how to do reverse-engineering on Windows , here's how. The Linux Way is very different (although eventually you get to more or less

Is there an application to reverse engineer an existing database in mysql and/or postgre? I'm interested in obtaining the DB diagram from an existing one, similar as it can be done in MSSQL Server Bill Karwin For MySQL, try MySQL Workbench . For both MySQL and PostgreSQL, try TOAD Data Modeler . If you use the open-source diagram app Dia , there are several tools to generate Dia diagrams from SQL databases including MySQL and PostgreSQL. update: MySQL Workbench 5.2 supports reverse-engineering diagrams from a live database in addition to an SQL script. MySQL Workbench 5.2 just announced their

I was snooping through my MSP430 microcontroller's header files, and I ran into this in <setjmp.h> : /* r3 does not have to be saved */ typedef struct { uint32_t __j_pc; /* return address */ uint32_t __j_sp; /* r1 stack pointer */ uint32_t __j_sr; /* r2 status register */ uint32_t __j_r4; uint32_t __j_r5; uint32_t __j_r6; uint32_t __j_r7; uint32_t __j_r8; uint32_t __j_r9; uint32_t __j_r10; uint32_t __j_r11; } jmp_buf[1]; /* size = 20 bytes */ I understand that it declares an anonymous struct and typedef's it to jmp_buf , but I can't figure out what the [1] is for. I know it declares jmp_buf to

I'm trying to learn about reverse engineering, using Minesweeper as a sample application. I've found this MSDN article on a simple WinDbg command that reveals all the mines but it is old, is not explained in any detail and really isn't what I'm looking for. I have IDA Pro disassembler and the WinDbg debugger and I've loaded winmine.exe into both of them. Can someone provide some practical tips for either of these programs in terms of finding the location of the data structure that represents the mine field? In WinDbg I can set breakpoints, but it is difficult for me to imagine at what point to

This is the disassembly of phase_6 : 08048dbf <phase_6>: 8048dbf: 55 push %ebp 8048dc0: 89 e5 mov %esp,%ebp 8048dc2: 83 ec 18 sub $0x18,%esp 8048dc5: c7 44 24 0c 00 00 00 movl $0x0,0xc(%esp) 8048dcc: 00 8048dcd: c7 44 24 08 0a 00 00 movl $0xa,0x8(%esp) 8048dd4: 00 8048dd5: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp) 8048ddc: 00 8048ddd: 8b 45 08 mov 0x8(%ebp),%eax 8048de0: 89 04 24 mov %eax,(%esp) 8048de3: e8 0c fa ff ff call 80487f4 <__strtol_internal@plt> 8048de8: a3 4c b5 04 08 mov %eax,0x804b54c 8048ded: c7 04 24 4c b5 04 08 movl $0x804b54c,(%esp) 8048df4: e8 76 ff ff ff call 8048d6f <fun6>

I know the basics to java programming, but I'm new to reverse engineering APKs, so explanations would be nice! I have an APK file file, but not the Java source. After decompiling the APK online: the bulk of the application is hidden under assets > classes.dex.dat the only java file I found is com > ... > util > ProtectedUtils.java I have ProtectedUtils.java below: Link to full file if anyone is interested import android.app.Application; import android.app.Instrumentation; import android.content.Context; import android.os.Build.VERSION; import java.lang.reflect.Constructor; import java.lang