release

Zydis v4.0 released!

Zydis version v4.0 was released today, now featuring code generation and rewriting as well as many other improvements.

Joel Höner
release

Zydis v2.0 alpha available!

Three years after the initial release of our X86 disassembler library Zydis, we're now proud to announce that v2.0 is close to being complete!

Joel Höner
exploit

Bypassing Telekom FON hotspot authentication

Today, while troubleshooting some network issues, I discovered one of those too-good-to-be-true vulnerabilities in my router.

Joel Höner
misc

Dumping packed executables using minidumps

I've been using this method regularly for about a year now and have found it to be very reliable against most common packers that unpack the binary to memory, while being very convenient at the same time. Minidumps can be created programmatically using MS' DbgHelp API or simply by right-clicking a process in the Task Manager. In case a packer should ever decide to detect the minidump creation using, for example, a ring3 rootkit, you could still run the target executable in a VM and cause a bluescreen to obtain a crash dump (a few additional steps would be required here). The obtained minidump can then be processed for further analysis using WinDbg.

Joel Höner
release

IDASkins – taking theming IDA outside the disassembly

A few months ago I wrote a tiny but fine plugin for IDA Pro that allows theming everything that cannot be themed using IDA's built-in color settings. By default it comes with a dark theme intended to be combined with the idaConsonance IDA color theme; custom themes, however, can be created using Qt stylesheets.

Joel Höner
dev

Identifying library code in statically linked binaries

I recently saw someone asking for a way to apply the .pdb file of a static library to a binary that uses it. While that is probably possible with some extra effort, there is a better way to achieve the same advantages without having to bother with .pdb files: IDA's FLIRT signature feature (Fast Library Identification and Recognition Technology). While most IDA users are aware of the fact that IDA applies some sort of compiler-specific signatures to binaries, a lot of them don't know that you can generate these signature files from any static library yourself without too much effort.

Joel Höner