Malware Domain List

Malware Related => Malware Analysis => Topic started by: saranam7 on October 24, 2008, 06:27:24 am

Title: Reverse Engineering
Post by: saranam7 on October 24, 2008, 06:27:24 am
Hi,

When we debug a file in OllyDbg, if we get an access violation error that says "Access Violation when writing to [7C835678]", what can we try next when SEH is not set in this case?
Title: Re: Reverse Engineering
Post by: sowhat-x on October 24, 2008, 11:36:22 am
Very generic question / depends on what the target is and does... generally though, the first thing you should try out is:
Options > Debugging Options > Exceptions > Ignore (pass to program)... and tick most stuff there...
Title: Re: Reverse Engineering
Post by: saranam7 on October 25, 2008, 04:28:08 am
Thanks for your reply... I am at beginner level... I hope the question I have asked comes under anti-debugging... so can you advise on some anti-debugging techniques or sites that would help me a lot...
Title: Re: Reverse Engineering
Post by: sowhat-x on October 25, 2008, 09:34:12 am
...I'm not a guru either, way far from that point, he-he... regarding anti-debugging techniques,
ap0x has done really nice work documenting more than a few of the... tricks of the trade:
http://ap0x.jezgra.net/protection.html

To bypass anti-Olly tricks, there exist quite a few helper apps out there,
e.g. OllyAdvanced mod, HideTools, HideDebugger or the Phantom plugin...
You can find all of them over at the tuts4you board, under the modifications and plugins sections:
http://www.tuts4you.com/download.php?list.3

For IDA, I think that the best solution is by far:
http://newgre.net/idastealth
Title: Re: Reverse Engineering
Post by: saranam7 on October 29, 2008, 09:04:48 am
Thanks a lot... I went through the URLs and found them very helpful... Now can you advise me on how to improve my debugging speed... like identifying code that is used for VMware checks or something like RDTSC, SIDT, etc.
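
Added example, not part of the original thread: one way to triage a dumped code section for the RDTSC and SIDT instructions mentioned in the last post is a byte scan for their opcodes (RDTSC is `0F 31`, SIDT is `0F 01 /1` with a memory operand). The sample bytes and the base address are constructed for illustration, and because this is a naive scan rather than a disassembler, every hit should be confirmed in OllyDbg or IDA.

```python
# Added example: naive byte scan for RDTSC / SIDT in a raw code buffer.
# Not a disassembler: hits inside data or mid-instruction are possible.

def find_env_check_opcodes(code: bytes, base: int = 0):
    """Return [(address, mnemonic)] for RDTSC (0F 31) and SIDT (0F 01 /1)."""
    hits = []
    for i in range(len(code) - 1):
        if code[i] != 0x0F:
            continue
        nxt = code[i + 1]
        if nxt == 0x31:
            hits.append((base + i, "RDTSC"))
        elif nxt == 0x01 and i + 2 < len(code):
            modrm = code[i + 2]
            mod, reg = modrm >> 6, (modrm >> 3) & 7
            # SIDT needs a memory operand (mod != 3) and /1 in the reg field;
            # mod == 3 encodings under 0F 01 are other instructions.
            if mod != 3 and reg == 1:
                hits.append((base + i, "SIDT"))
    return hits

def rdtsc_pairs(hits, window: int = 64):
    """Pair consecutive RDTSC hits at most `window` bytes apart (timing-delta pattern)."""
    addrs = [a for a, name in hits if name == "RDTSC"]
    return [(a, b) for a, b in zip(addrs, addrs[1:]) if b - a <= window]

# Constructed sample bytes (hypothetical function body, base address assumed).
SAMPLE = bytes.fromhex(
    "55"        # push ebp
    "8BEC"      # mov  ebp, esp
    "0F31"      # rdtsc
    "8BC8"      # mov  ecx, eax
    "0F31"      # rdtsc
    "2BC1"      # sub  eax, ecx
    "0F014DF8"  # sidt [ebp-8]
    "0F01D0"    # xgetbv (0F 01 with mod == 3, must not be flagged)
    "C3"        # ret
)

if __name__ == "__main__":
    found = find_env_check_opcodes(SAMPLE, base=0x401000)
    for addr, name in found:
        print(f"{addr:#010x}  {name}")
    for first, second in rdtsc_pairs(found):
        print(f"RDTSC pair {first:#x} -> {second:#x} ({second - first} bytes apart)")
```

Two RDTSC hits a few bytes apart usually bracket a timing measurement, so those addresses are good first breakpoints when stepping through a sample.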