Category: Assembler / Reverse engineering

Assembler (assembly language) is the oldest of all existing programming languages. It is the language closest to machine code, the native language of computers. It provides direct access to the computer hardware and therefore requires a deep understanding of the architecture and operating principles of the computer and its system software. Reverse engineering is the process of restoring source code from binary data. It can assist subsequent analysis aimed at understanding how a program works. In some cases this is a copyright violation, even if reverse engineering is performed only to find undocumented features of the code under investigation or to search for errors in it.

Assembler language

Assembler is a low-level language, usually specific to a particular processor architecture. This category includes articles that contain source code with Assembler instructions describing the low-level organization of system components, or that relate to reverse engineering. It is assumed that the reader has basic knowledge of programming with processor instructions.

Building

In most cases the articles deal with instructions of the x86 processor family. If source code is attached to an article, it can be built with MASM 6.15.

Fixing asynchronous COM bug at application startup

My article “Asynchronous COM for Windows Vista and Win7 — memory overwrite bug” describes an error that appeared in these operating systems. Reliable operation of asynchronous COM was extremely important for the software that was under development (and already on sale by that time). Multiple appeals to Microsoft with a request to fix

Functions call interception via replacement of header bytes by JMP or CALL instructions

I described a method of function call interception by means of the import table in one of my previous articles. This method is more universal, since it makes it possible to intercept almost any call (please see the list of limitations below). However, it is more complicated, since the header modification code requires disassembling skills

A hook on a function call via modifying an import table

In large projects there are situations when it is necessary to correct the operation of one or more third-party components (such as libraries that are part of an application). The source code is rarely available in these cases, and we have to use hacker approaches. I am going to consider one of the

Self-modifying programs – applying patch

Many people might think that only the creation of viruses and trojans requires self-modifying code, in order to hinder detection by antivirus programs. However, this is not the case, and practice shows that it is the great and most powerful Microsoft that forces us to deal with it. One might ask, “Why?”. It is