+HCU: Academy of reverse engineering
hcu97 Founded by +ORC in April 1996 hcu98

+HCU's special Project: 'Our own tools'

Project start:
January 1998
packers
Last update:
October 1998

redCourtesy of Fravia's page of reverse engineering
Tools by us, for us, to reverse the hell out of it
ourtools

From Fravia's own private
"cracking posters" collection

"We can do it!"
(1941)

The +HCU project
Our own tools
(1998)
January 1998
Well, dear fellow crackers, Fravias and protectors, I'm sure you'll enjoy the 1998 'shift': no more 'blind' cracking around. We need good and powerful tools to reverse the hell out of it. We will (probably) begin with a good API interceptor which should of course work as well as an API return values faker... of course, being respectful Fravias, the first approach when developing our own tools is to rip all the tricks we need out of the existing ones :-)
Mammon_ has already started this fundamental 'scouting' work. And I'm proud to present now his first findings.
So let's continue to LIST the existing tools, let's study these targets IN THE DEEP and let's analyse their tricks (in fact let's for a start completely reverse them). We will then ameliorate and modify the most interesting code solutions we'll have found in order to produce our own (pretty powerful) tools, as +RCG already shows you in his new essay about COMSPY 98.
There will be TWO main differences between our tools and the existing 'lower' ones:
1) our tools will always be free and will be given out to anybody not only with their source code but also with a complete "history" of their development, that you'll also be able to follow on this site.
2) Our tools will be MUCH more powerful than the existing ones for assembly obvious reasons.


Now let's see if we can put some deeds where our mouth is... as usual a project like this one will florish and prosper if many will contribute, will pepper out and die if you do not contribute and if you think it's a smart move just to leech things out, without giving anything in exchange... you're not doing just that, are you?

24 Februar 1998 __EXPERT__
Well, NaTzGUL, for one, certainly was no leecher! his "wisdec" is a real beauty!
This is no usual 'essat', this is an example of the creativity and of the cleverness of higher crackers! Enjoy!

Here follows a little list of existing interesting tools (all of them fiddling with vdx and APIs) that you would be well advised to reverse/study/investigate (please notice/add/crack all OTHER missing ones):
Filemon, Regmon, VdxMon, by Mark Russinowich, see my filemon1.htm (etc) essays
MemMonitor95 (see Footsteps' footthun.htm
Tekfct (see my tekles1.htm)
Comspy 98 (see +RCG's rcg_cmsp.htm)
Numega's Softice (see the whole project2.htm)
Numega Boundschecker (see Shadows' shadow1.htm)
Numega's Smartcheck (see Snatch's snatch1.htm and my anonma2.htm)

PROGRAMMING OUR OWN TOOLS
(The long steep road to wizardry)
[Background] ~ [Tools] ~ [How to use Our Tools]

Background readings

PHASE 1
redFilemon, a complete disassembly
[part one] [part two] [part three] [part four] [part five]
by Fravia+
August - September 1997

PHASE 2
redMemMonitor95 Standard 4.0 and its ThunkConnect32 relations
(Half-crippled program / Unhiding an hidden window / Thunk vagaries)
by Footsteps
22 November 1997

PHASE 3
redCRYPTOGRAPHY AND MATHEMATICS OF CHAOS
by +Rcg
14 January 1998

PHASE 4
redA FIRST INTRODUCTION TO VxD
by +Rcg
14 January 1998

PHASE 5
redVXDennis the menace ~ Fun with VRAMDIR v1.07
by CoreFixar
01 February 1998


Our Tools directly related essays


PHASE 1
redCOMSPY98: A TOOL OF OUR TRADE
Magic APIs hooking in Windoze
by +Rcg
15 January 1998

PHASE 2
redMammon's first findings
API Vision (avdemo15.exe) promises
by +Mammon
15 January 1998

PHASE 3
redExtending the IDA Script Language
A First Stab
by +Quine
27 January 1998

PHASE 4
redHow to access the memory of a process, a Tutorial
A First Stab
by NaTzGUL
17 Februar 1998

PHASE 5
NaTzGUL's red"wisdec" (Installshield decompiler)
A "real" program (1.052.922 bytes)
by NaTzGUL
24 Februar 1998 __EXPERT__

PHASE 6
SiuL+Hacky's redLinux GUIs. The Chances. (Advanced Linux cracking)
by SiuL+Hacky
01 March 1998 __ADVANCED__
10 July 98 Ozymandias ~ ozyma1.htm Opera 3.21 crack ourtools ~fra_0134
10 July 98 SiuL+Hacky ~ siullin2.htm Ltrace. The Tool (Linux disassembling) advanced
ourtools
~fra_0135
06 Sep 98 SiuL+Hacky ~ siulflex.htm Linux advanced cracking: flexlm advanced
Ourtools
~fra_014C
14 Oct 98 TWD ~ twdaplog.htm Finding an hidden incredible database inside windows98 proj 9
ourtools
~fra_015A
30 Oct 98 by Swann ~ swann_mm.htm A New Toy: reversing the different 'modes' of a target Ourtools ~ fra_0160



How to use Our Tools


PHASE 1
redIDA PRIMER
Ida's philosophy, main settings, how to start
by +Mammon
21 October 1998

You are deep inside Fravia's page of reverse engineering, choose your way out:

USEFUL
Programmer's corner
TOUGH
Our Protections
TOUGH
Packers & Unp

redhomepage red links red anonymity +ORC redstudents' essays redacademy database
redantismut redtools redcocktails redsearch_forms redmail_Fravia
redIs reverse engineering illegal?

red(c) Fravia 1995, 1996, 1997, 1998. All rights reserved