Interesting Resources

Freezing Home

Polaris current works

Polaris past works

Interesting resources

IIce Age - Polaris' Diary


In this section there will be a collection of things I think useful for reverse engineering and reverse compilation. If you feel that something deserves to be published here, please contact me at masterofnebulahfrost@hotmail.com. 

 

LCC32 CRT

This code is pretty useful when you are dealing with LCC32 generated executables: IDA Pro will not recognize them, but using this code you will able to get the right location of the _main function and ,more important, to exactly identify your executable.

_mainCRTStartup:
movl %fs :0,%eax ; save the contents of the exception list
pushl %ebp ; build a stack frame
movl %esp,%ebp
push $0xffffffff ; build the exception handler structure
pushl $_$ExcepData
pushl $__except_handler3
push %eax
movl %esp,fs :0 ; set this structure at the top of the exception list
subl $16,%esp ; space for local variables
push %ebx ; save registers
push %esi
push %edi
mov %esp,-24(%ebp)
pushl $__environ ;call GetMainArgs to get the command arguments
pushl $___argv ;for the ‘main’ function
pushl $___argc
call __GetMainArgs
pushl __environ ; now push those for _main()
pushl ___argv
pushl ___argc
movl %esp,__InitialStack ; save the top of stack in a global
call _main
addl $24,%esp
xor %ecx,%ecx ; invalidate the exception list element above
movl %ecx,-4(%ebp)
push %eax
call _exit ; finish this process
ret ; this is in case _exit returns, very surprising!

This code is directly taken from LCC32 official user manual, and comments are from the author.

Last INQUISITION Logo

Please have a look to the final  INQUISITION logo, as seen by our great artwork master dyn!o:

The SourceForge Boomerang project

People not believing in decompilation reality, look at this  http://boomerang.sourceforge.net

Interesting decompile me :)

Trapflag  has developed an interesting contest on decompilation...Nice for anybody willing to actually practice a beginner  full decompilation attempt. Check it at: http://www.backtrace.de/cashdispenser . I hope trapflag will develop new contests like this.

Wanna peek at my solution? Or just wanna see how Polaris works? Then click here!

The Honeynet Reverse Me Challenge

Since we are talking about decompilation related challenges, we can't talk about this: http://project.honeynet.org/reverse/ . This challenge was hard and complex - but using the great solutions submitted by challengers you should be able to,at least, follow it and learn from it. And maybe having much fun as I had :).

 

PVDasm Disassembler by Bengaly

Please have a look to this effort of creating a freeware professional disassembler – a very good effort made by Bengaly: http://pvdasm.anticrack.de/

 

IDA Pro 4.30 Brochure

Heh... I have used MANY and MANY versions of IDA Pro, from 3.85b, and gathered much material about it... But I never got this... Cool, have a look here.

IDA Pro 4.3 Freeware Version

I think that this one went a little unseen due to the recent warezing of 4.7. However, for people wanting to be "correct" here is the new freeware version... Download here!