It seems that many users installed the hotfix for the WMF vulnerability on their machines.
Read MoreThis week a new vulnerability was found in Windows: http://www.microsoft.com/technet/security/advisory/912840.mspx Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix – I badly needed it.
Read MoreSo far this is the absolute record for the binary size of one division/remainder/multiplication operation:
Read MoreSuppose our goal is to dissect a new program. The ultimate method of analysis is single stepping the program of interest. Each executed instruction must be single stepped at least once so we won’t miss anything important.
Read MoreEven unobfuscated code is difficult to understand. Look at this function. Can you tell its purpose?
Read MoreI updated my EFD utility to handle the packed XCP.DAT file. To extract files from the archive, use: efd -x xcp.dat in a clean directory. It will create files like xcp1.dat, xcp2.dat, etc. Unfortunately the file names are not present in the archive, that’s why the names are so meaningless. Here is the utility: efd.zip
Read MoreThe last week several LGPL violations were found in Sony’s DRM implementation. Here is a proof of one violation. Here is a dedicated page with many other findings. By the way the license breach could be found using the simplest tools on the earth: any hex editor or the strings tool from unix would […]
Read MoreThe last described method does not work if the application uses an “unsupported” antidebugging trick. For example, if the application directly checks the PEB field instead of calling the IsDebuggerPresent function, the method will fail. Or the application could use something else, something from the future…
Read More