NTUST Reverse Engineering Slides
耀德 蔡
If there are any errors, please contact LegBone. Thank you < ( _ _ ) >
1.
Reverse Engineering TDOH x
Tigerduck LegBone
2.
About Me
• BY PASS Hackshield
• TDOHacker
• SITCON 2014/2015 short talk
• HITCON 2015
•
• …..
3.
4.
5.
• Windows XP •
VMware
6.
7.
8.
9.
10.
11.
12.
13.
14.
1. 2. OD/IDA 3. upx asp... 4. ring3 anti debugger
15.
• • •
16.
•
17.
•
18.
• •
19.
• • •
20.
• • • •
21.
• , 1010101 •
Binary
22.
(* ́∀`*)
23.
(* ́∀`*) CPU ,
CPU
24.
VC ,return EAX ESP,EBP EIP
25.
AF CF OF SF ( ) PF ZF DF IF TF
26.
27.
28.
XD
•
• mov → move EX : mov ecx, 1
• add / sub → EX : add eax,10
• cmp / test →
• jmp →
• push / pop → Stack
29.
30.
31.
32.
33.
• inc eax → eax+1
• dec eax → eax-1
• xor eax,ebx → eax ebx xor eax
• or eax,ebx → eax ebx or eax
• and eax,ebx → eax ebx and eax
34.
35.
36.
37.
38.
• byte ptr[ebp+8] → ebp+8 byte
• dword ptr[ebp+8] → ebp+8 dword
• lea , →
39.
40.
41.
T_T (?
42.
43.
(?
44.
• • • Code • • •
45.
•
• ollydbg
• ida pro
• cheat engine
• …
46.
OLLYDBG
47.
48.
49.
50.
51.
52.
53.
54.
55.
OD
56.
IDA PRO
57.
58.
59.
60.
61.
DEMO
62.
63.
• •
64.
• • • : (σ
・ω・)σ
65.
66.
/
67.
/
68.
/ or • • • upx mpress
69.
/ or • • • upx mpress • •
asprotect themida
70.
/ or • • • upx mpress • •
asprotect themida • by • vmprotect
71.
/
72.
/
73.
/
74.
/ •
75.
/ • •
76.
/ ( •̀ .
̫•́)✧
77.
/
78.
/
79.
/ memory dump
80.
/ memory dump
81.
/ • • • PEID….
82.
/ • • • PEID…. • •
83.
/
84.
/ • • •
85.
/ • • • • • • oep • • ......
86.
/ Delphi
87.
/ BC++
88.
/ VB
89.
/ VC6.0
90.
/ VC7.0
91.
/ http://drops.wooyun.org/binary/8640
92.
/ • memory dump •
memory dump • code •
93.
/ • memory dump •
memory dump • code • • • ollydbg • LordPE
94.
/
95.
/
96.
/ • • • •
97.
/ • • • • • • • • ImportRec • Scylla •
98.
/
99.
/
100.
/
101.
/ esp
102.
/ • esp • • • pushad
popad
103.
/ • esp • • • pushad
popad • • esp • • oep
104.
/
105.
/ DEMO
106.
/
107.
/
108.
/ DEMO
109.
/
110.
/
111.
/ DEMO
112.
/
113.
/
114.
Ring3 anti debugger
115.
Ring3 anti debugger
116.
Ring3 anti debugger
117.
Ring3 anti debugger
118.
Ring3 anti debugger
119.
/
120.
Ring3 anti debugger
121.
Ring3 anti debugger
122.
Ring3 anti debugger
123.
Ring3 anti debugger Ring0
124.
Ring3 anti debugger Ring0
125.
Ring3 anti debugger Ring0
126.
Ring3 anti debugger anti
debugger debugger
127.
Ring3 anti debugger debugger
debug DbgUiRemoteBreakin DbgUiRemoteBreakin DbgBreakPoint
128.
Ring3 anti debugger debugger
sitcon 2014 https://speakerdeck.com/cowby123/di-ci-zi-gan-debuggerjiu-shang-shou
129.
Ring3 anti debugger
130.
Ring3 anti debugger NtCurrentPeb()->BeingDebugged PEB
BeingDebugged
131.
Ring3 anti debugger
132.
Ring3 anti debugger ret
133.
Ring3 anti debugger demo
134.
Ring3 anti debugger demo
135.
Ring3 anti debugger
136.
Ring3 anti debugger
137.
Ring3 anti debugger anti
debugger
138.
Ring3 anti debugger
139.
Ring3 anti debugger a.exe
b.exe a.exe b.exe
140.
Ring3 anti debugger
141.
Ring3 anti debugger cmd.exe
explorer.exe debug
142.
Ring3 anti debugger
143.
Ring3 anti debugger debugger
144.
Ring3 anti debugger debugger
145.
Ring3 anti debugger debugger
146.
Ring3 anti debugger
147.
Ring3 anti debugger
148.
Ring3 anti debugger anti
debugger od
149.
Ring3 anti debugger
150.
Ring3 anti debugger StrongOD ring0
151.
Ring3 anti debugger StrongOD StrongOD
152.
Ring3 anti debugger
153.
Ring3 anti debugger
154.
Ring3 anti debugger