+HCU: Academy of reverse engineering
Founded by +ORC in April 1996

+HCU's special Project: 'Our own tools'

Project start: January 1998
Last update: November 1998

[Background] ~ [Tools] ~ [How to use Our Tools]
Courtesy of Fravia's pages of reverse engineering
Tools by us, for us, to reverse the hell out of it

From Fravia's own private
"cracking posters" collection

"We can do it!"
(1941)

The +HCU project
Our own tools
(1998)
November 1998
Dear fellow crackers, Fravias and protectors, we need good and powerful tools to reverse the hell out of it, we need to know how to use them effectively, and we need to know WHICH tools are out there on this ever-expanding web of ours, where among tons of useless frills you can find some rare gems like this incredibly good South Korean disassembler (with source code!). Moreover we need to develop (or caper) our own tools, because most of the 'tools of the trade' we use have been made more in order to check and repair buggy programs you already have the source code of than to reverse programs for which you don't even know which compiler has been used :-)
If you are this deep inside my site, you already know what Fravias use. We use debuggers (like Softice), disassemblers (like IDA and Wdasm32), flow-analyzers (like Smartcheck), port, file, registry and API interceptors (like the great Sysinternals suite), windows identifiers (like Customizer) and so on and so on... Of course, being respectful Fravias, the first approach when developing our own tools is simply to rip all the tricks we need out of the existing tools :-)
Good wizard +Mammon_ started this fundamental 'scouting' work: you'll be able to read his first findings here. Let's now continue:
  • Let's LIST the existing tools, a difficult enough task
  • Let's MASTER the use of those we reckon to be the BEST, a difficult enough task
  • Let's study these targets IN THE DEEP and let's analyse their tricks (in fact let's completely REVERSE them), a difficult enough task.
We will -in due time- ameliorate and modify the most interesting code solutions we'll have found in order to produce our own tools, as +RCG showed in his essay about COMSPY 98. There's no hurry: we have all the time in the world and I'm sure that with the contribution of the smartest Fravias of this planet we will succeed.

There should be a couple of differences between "our tools" and the existing ones:
1) our tools will always be free and will be given out to anybody not only with their source code but also with a complete "history" of their development, that you'll also be able to follow on this site.
2) Our tools will be more 'target oriented' (if you know what I mean :-) than the existing ones for obvious reasons.


Now let's see if we can put some deeds where our mouth is... As usual, a project like this one will flourish and prosper if many contribute, and will peter out and die if you do not contribute and if you think it's a smart move just to leech things out without giving anything in exchange... you're not doing just that, are you?

24 February 1998 __EXPERT__
Well, NaTzGUL, for one, certainly was no leecher! His "wisdec" is a real beauty!
This is no usual 'essay', this is an example of the creativity and cleverness of higher crackers! Enjoy!

Here follows a little list of existing interesting tools (all of them fiddling with VxDs and APIs) that you would be well advised to reverse/study/investigate (please notice/add/crack all OTHER missing ones):
  • Filemon, Regmon, VxDMon, by Mark Russinovich, see my filemon1.htm (etc.) essays
  • MemMonitor95 (see Footsteps' footthun.htm)
  • Tekfct (see my tekles1.htm)
  • Comspy 98 (see +RCG's rcg_cmsp.htm)
  • Numega's Softice (see the whole project2.htm)
  • Numega's Boundschecker (see Shadows' shadow1.htm)
  • Numega's Smartcheck (see Snatch's snatch1.htm and my anonma2.htm)

PROGRAMMING OUR OWN TOOLS
(The long steep road to wizardry)

Background readings

PHASE 1
Filemon, a complete disassembly
[part one] [part two] [part three] [part four] [part five]
by Fravia+
August - September 1997

PHASE 2
MemMonitor95 Standard 4.0 and its ThunkConnect32 relations
(Half-crippled program / Unhiding an hidden window / Thunk vagaries)
by Footsteps
22 November 1997

PHASE 3
CRYPTOGRAPHY AND MATHEMATICS OF CHAOS
by +Rcg
14 January 1998

PHASE 4
A FIRST INTRODUCTION TO VxD
by +Rcg
14 January 1998

PHASE 5
VXDennis the menace ~ Fun with VRAMDIR v1.07
by CoreFixar
01 February 1998


Our Tools directly related essays


PHASE 1
COMSPY98: A TOOL OF OUR TRADE
Magic APIs hooking in Windoze
by +Rcg
15 January 1998

PHASE 2
Mammon's first findings
API Vision (avdemo15.exe) promises
by +Mammon
15 January 1998

PHASE 3
Extending the IDA Script Language
A First Stab
by +Quine
27 January 1998

PHASE 4
How to access the memory of a process, a Tutorial
A First Stab
by NaTzGUL
17 February 1998

PHASE 5
NaTzGUL's "wisdec" (Installshield decompiler)
A "real" program (1.052.922 bytes)
by NaTzGUL
24 February 1998 __EXPERT__

PHASE 6
SiuL+Hacky's Linux GUIs. The Chances. (Advanced Linux cracking)
by SiuL+Hacky
01 March 1998 __ADVANCED__
(date ~ author ~ file ~ title ~ level ~ section ~ id)
10 July 98 ~ Ozymandias ~ ozyma1.htm ~ Opera 3.21 crack ~ ourtools ~ fra_0134
10 July 98 ~ SiuL+Hacky ~ siullin2.htm ~ Ltrace. The Tool (Linux disassembling) ~ advanced ~ ourtools ~ fra_0135
06 Sep 98 ~ SiuL+Hacky ~ siulflex.htm ~ Linux advanced cracking: flexlm ~ advanced ~ ourtools ~ fra_014C
14 Oct 98 ~ TWD ~ twdaplog.htm ~ Finding an hidden incredible database inside windows98 ~ proj 9 ~ ourtools ~ fra_015A
30 Oct 98 ~ Swann ~ swann_mm.htm ~ A New Toy: reversing the different 'modes' of a target ~ ourtools ~ fra_0160
30 Oct 98 ~ adq ~ laste_09.htm ~ isDcc: An installshield Decompiler ~ advanced ~ ourtools ~ fra_0162
30 Oct 98 ~ Nikodemos (Jayke) ~ getinfo.htm ~ The Quick Guide to Smashing those insidious *.DAT filez ~ ourtools ~ fra_0162
12 Nov 98 ~ _Al ~ idasym.zip ~ Converts IDA map file to a SoftIce SYM file ~ ourtools ~ fra_tools



How to use our tools



(c) Fravia+ 1995, 1996, 1997, 1998. All rights reserved