I realized that it is quite easy to make FindCrypt work with big endian programs. For that we just need to know the size of each constant array element and swap them if required. So here is the second version of FindCrypt. It introduces the following improvements:it works with both little and big endian programs it […]
Read MoreA decompiler is commonly viewed as a tool to recover the source code of a program, the same way as a disassembler is a tool to convert a binary executable program to an assembler text. This is true in some cases but only in some.
Read MoreI restored the old configuration and the blog will continue its normal operation now. The hotfix can not be downloaded from the site anymore but its source code is still available. Thank you all for the support! I’d like to say thank you once more to the guys who mirrored the files! P.S. Next week we will […]
Read MoreThe new version is suitable for automated setup (for example, in logon scripts).
Read MoreIt seems that many users installed the hotfix for the WMF vulnerability on their machines.
Read MoreThis week a new vulnerability was found in Windows: http://www.microsoft.com/technet/security/advisory/912840.mspx Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix – I badly needed it.
Read MoreSo far this is the absolute record for the binary size of one division/remainder/multiplication operation:
Read MoreSuppose our goal is to dissect a new program. The ultimate method of analysis is single stepping the program of interest. Each executed instruction must be single stepped at least once so we won’t miss anything important.
Read More