Grixa

Author's details

Name: Григорий
Date registered: March 7, 2011

Latest posts

  1. Codegate CTF 2011 Binary 200 — March 8, 2011

Most commented posts

Author's posts listings

Mar
08

Codegate CTF 2011 Binary 200

Let’s open this PE-file in IDA Pro. There is TLS-callback at address 0x00401450. TLS-callback is just anti-debugging trick (with SEH, dynamic import etc), so we can skip it and start execution from entry point: 0x00401000. On the entry point we can see some decoding cycle and one call at address 0x00401058. If we go into… Continue reading »