Posted by qpt0001rcelab in Uncategorized on June 30, 2011
It’s been a month or two that I have been seriously trying to learn all the basics of linear algebra. I’ve googled a lot about this topic and found thousands of crap PDFs out there, but I couldn’t understand a single book I found.
So I just came up with the idea to watch some video tutorials. Since I love YouTube, I tried to find something there related to linear algebra 🙂
And I found this wonderful place, full of material for every freaking subject 😀
And here is the link related to linear algebra
I hope you will enjoy this place
Unpacking simple ransomware
Posted by qpt0001rcelab in Uncategorized on March 27, 2011
Well, I’ve just configured my XP VM under VirtualBox, and now I’m trying to work on some malware.
And here, Xylitol sent me one ransomware. Well, it’s kind of easy to unpack, because it’s using UPX and Mystic Compressor.
Well, I’m sure that everyone knows how to unpack UPX, so I won’t explain it here. And once I unpacked UPX, I saw another packer there. Xylitol told me that it’s Mystic Compressor. The name isn’t that important; the important thing now is how to unpack this packer 🙂
Well, after doing some analysis, I found that this packer is as easy as UPX. I started tracing the code and found a call dword ptr xxxx in the same section where the program started; then I hit F7 and started analyzing another section of code (on my machine 003XXXXX). Of course this section was created by VirtualAlloc, so if you do not want to lose your time just tracing, you can simply set a BP on it. Anyway, I traced inside its call too, and after getting to 003E04D3, which is the return of the packer’s stub, I pressed F7, and I’m already at the OEP 🙂
There’s no import redirection or any anti-dumping tricks, so you can easily dump it via OllyDump and fix the imports via ImportREC. So it’s an easy packer.
And now the question is... how to kill this ransomware? 😛
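From the defender’s side, the packer traits this post walks through (a stub that unpacks into memory, sections that are empty on disk, compressed high-entropy data) can be spotted statically before anyone opens a debugger. The following is an added example, not the blog’s own code: it parses the PE section table and flags those indicators. The PE image it builds in sample_pe() is constructed for the demo, and the “UPX” name check and the 7.0 entropy threshold are assumed heuristics.

```python
# Added packer-triage helper, not the blog's own code; sample_pe() is a constructed image, not a real sample.
import math
import struct
EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, typical of compressed or packed data."""
    return 0.0 - sum(p * math.log2(p) for p in (data.count(b) / len(data) for b in set(data)))

def parse_sections(pe: bytes):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table (40-byte entries)."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0] if pe[:2] == b"MZ" else -1
    if pe_off < 0 or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]                   # COFF NumberOfSections
    table = pe_off + 24 + struct.unpack_from("<H", pe, pe_off + 20)[0]   # skip SizeOfOptionalHeader
    for i in range(nsec):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        yield name, vsize, pe[rptr:rptr + rsize], struct.unpack_from("<I", pe, off + 36)[0]

def triage(pe: bytes) -> dict:
    """Return {section name: [indicators]} for sections that look packed (assumed heuristics)."""
    hits = {}
    for name, vsize, raw, chars in parse_sections(pe):
        flags = []
        if name.upper().startswith("UPX"):
            flags.append("upx-section-name")
        if shannon_entropy(raw) > 7.0:
            flags.append("high-entropy")
        if not raw and vsize and chars & EXEC and chars & WRITE:
            flags.append("empty-rwx-section")  # nothing on disk: the stub fills it at runtime
        if flags:
            hits[name] = flags
    return hits

def _section(name: bytes, vsize, vaddr, rsize, rptr, chars) -> bytes:
    return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)

def sample_pe() -> bytes:
    """Constructed two-section image mimicking a UPX layout (not a real binary)."""
    payload = bytes(range(256)) * 4  # stands in for compressed data (entropy exactly 8.0)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)       # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                          # PE32 optional header
    raw_ptr = 0x40 + 4 + 20 + 224 + 2 * 40
    secs = _section(b"UPX0", 0x10000, 0x1000, 0, 0, 0xE0000080)          # RWX, empty on disk
    secs += _section(b"UPX1", 0x1000, 0x11000, len(payload), raw_ptr, 0xE0000040)
    return dos + b"PE\0\0" + coff + opt + secs + payload
```

Running triage(sample_pe()) flags UPX0 as an empty RWX section and UPX1 as high-entropy; on a real file, read its bytes and pass them to triage() the same way.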
N1ghtm4r3 keygenme 4
Posted by qpt0001rcelab in Uncategorized on March 24, 2011
Today I was browsing over tuts4you and found that a guy with the name N1ghtm4r3 posted a new keygenme there. Some time ago I solved another one of his keygenmes, and I thought it would be good to try this one too 🙂
Protection was base-24 mainly, but there’s a lot of tricks in it. So I could finish my keygen in 30 mins. For those who want to have a look at my lame asm src, here’s the link
Posted by qpt0001rcelab in Uncategorized on March 23, 2011
Hello world, I was thinking about starting a new blog about RCE, where I can share some of my knowledge with you 🙂
I hope you will find this blog useful, and excuse me for my bad English 😀
Thanks for your attention,