    
        ____                     __       __           
       /  _/_ _  __ _  ___  ____/ /____ _/ /            
      _/ //  ' \/  ' \/ _ \/ __/ __/ _ `/ /              
     /___/_/_/_/_/_/_/\___/_/  \__/\_,_/_/               
       ____                          __          __      
      / __ \___ ___ _______ ___  ___/ /__ ____  / /____  
     / /_/ / -_|_-</ __/ -_) _ \/ _  / _ `/ _ \/ __(_-<  
    /_____/\__/___/\__/\__/_//_/\_,_/\_,_/_//_/\__/___/  
                                                         
          Web: http://www.ImmortalDescendants.org        
                      Author: Extasy                     
                      Date: 06/26/2000                   
          		Topic: Reverseme n1    	           
                      Level: Intermediate / Advanced     
                                                         
      
       
        



Hi ! There's quite a long time now that i was thinking of writing a reverseme myself :). You may say "bweeeh, it doesn't look good". And you'd be right :). The shape wasn't my first goal :). But let's talk reversing . It's not really an easy one as you need to understand and inverse the processus of the save of a file, to be able to implement the open of it :). But, as it will be easy for you all, i decided to complicate things a bit. Here are the good news :

1) You can modify *ONLY* the PE of the file, more exactly just everything before the first section.


HINTS:
      -- 	You can do what you want at runtime, so, have fun with WriteProcessMemory :)
      --	if you invoke GetCurrentProcessId, then you have a valid process handle to play with.
      --	I suggest you to write a dll. :)
      --	I repeat that you can play with the space between the .pe and the first section.


Mail your solutions to me at :   extasy@netcourrier.com.
You can find me on IRC on EFNet on #immortaldescendants, #cracking4newbies. But don't come to tell me "it's impossible, how can we do that only in the PE ?"

THANKS : SantMat, amante, Crudd, Volatility, promethee, CD_Knight, vrom, MagicRaph, ep-180, ...., sorry for those i forget !

