Posts published in “User Mode”

Why you should not always trust MSDN: Finding Real Access Rights Needed By Handles

Sina Karvandi

Introduction Hi guys, the title of this topic is somewhat odd. If you think everything in MSDN is a 100% match with what Microsoft implemented in Windows (as I used to think), you’re definitely wrong. This post shows some proofs, and in the last part I’ll give you a solution to the ACCESS_RIGHTS problem. Before starting, let’s talk about some background on “ACCESS_MASK”. Most of the explanations are derived from here. Backgrounds The ACCESS_MASK data type is a DWORD value that defines standard, specific, and generic…

PyKD Tutorial – part 2

Sina Karvandi

The content of this post is the second part of the PyKD Tutorials, so make sure to read that topic first, then continue reading this one. Breakpoints Breakpoints are very useful and, with PyKD, give you the power to analyze programs in a better and easier way. In the API Reference they introduce the setBp function in the following way: As you can see, setBp takes a pointer as its first argument and a Python function as the second…

PyKD Tutorial – part 1

Sina Karvandi

Using the Windbg script syntax is such an annoying thing that almost all reverse engineers have problems dealing with it, but automating debugging gives a power that can’t be easily ignored. A good solution to this problem is to use the power and simplicity of Python and Windbg together. As you may be aware, Windbg also supports C-like binaries as extensions, so there is a praiseworthy tool called PyKD which does the hard work and connects Python and Windbg together in a straight and usable…

A partial survey among non-general purpose registers

Sina Karvandi

Hi guys, in the past few days I was searching about non-general purpose registers, then I saw the following pictures, which gave me the idea of posting about the non-general purpose registers. These pieces of information might have some faults because of my misunderstandings about some of them; if you see any fault, please tell me in the comments! You can also download the PDF version of the above picture here! I don’t know if there are other…

Assembly Challenge: Jump to a non-relative address without using registers

Sina Karvandi

While developing a dispatch table for some instructions in binaries, one of the challenging problems I faced was changing the register state in a way that doesn’t affect the program flow! It might seem simple at first glance, but what makes it complex is that I can’t use relative jumps or relative calls because, in some situations, I might be far away from the .text segment of my binary. This caused me to explore solutions for far jumps…