Explain the anti-disassembly technique

Assignment Help C/C++ Programming
Reference no: EM132598331, Length: 4 pages

Part 1 - Another Bomb

The binary bomber is back again. This bomb, bomb7.exe, has been equipped with anti-disassembly tactics to thwart reversing the key. Reverse engineer the bomb in IDA to defuse it. It requires a single key as a command line argument to defuse.

This bomb is very similar to Lab 15-1 from our textbook, except it has a different key. You may wish to attempt Lab 15-1 and read the solution on page 645 to help you defuse this bomb.

1) Explain the anti-disassembly technique used and how it can be defeated in IDA.

2) What is the key to defuse the bomb? Provide a screenshot of your defused bomb.

Part 2 - Anti-Debugging

1) Suppose you observe the following code in your disassembly. Explain this code's purpose. Indicate how the location of the PEB is being referenced. What is the PEB?

2) Suppose you observe the following code. Explain this code's purpose and how it achieves its goal.

Part 3 - Packers

1) Lab7-3.exe is a simple program that only produces a pop-up message. Briefly look at the program's section headers and observe that the virtual size and the raw size of the .text and .data sections are roughly the same. Record the file's MD5. Pack the program using CFF Explorer's built-in UPX utility. Observe the section headers of the packed version. What are your observations of the section headers of the packed version of this program? Why are there drastic differences between the virtual sizes and the raw sizes of each section? What is the MD5 of the packed program? Execute the packed program. Does it appear to operate normally? Finally, load the packed Lab7-1.exe into IDA to see what a packed disassembly may look like. You do not need to analyze the packed code; simply observe how the disassembly of a packed program looks in IDA.

2) Explain, in general, how packers work. Include the role of the unpacking stub. Indicate where the entry point is for a normal unpacked executable and a packed executable. Why do packed executables execute normally as intended if the code section is compressed on disk?
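The section-header checks that questions 1 and 2 of this part ask you to make by hand (virtual size versus raw size, the file MD5, and which section owns the entry point) can be scripted. The parser below is an added example, not code from the assignment or the textbook; it works on any PE32/PE32+ file, and the two images it analyzes are constructed header-only stand-ins for an unpacked build and a UPX-style packed build (the 2x size-ratio threshold is an assumption of this example, not a rule from the page).

```python
import hashlib
import struct

def parse_pe_sections(data):
    """Return (AddressOfEntryPoint, section list) from a PE32/PE32+ header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                                      # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", data, coff + 20 + 16)[0]  # AddressOfEntryPoint
    table = coff + 20 + opt_size                             # section table follows optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize})
    return entry_rva, sections

def packer_indicators(data, ratio_limit=2.0):
    """MD5, the section that owns the entry point, and sections whose virtual size
    far exceeds their raw size (heuristic threshold; an assumption of this example)."""
    entry_rva, sections = parse_pe_sections(data)
    report = {"md5": hashlib.md5(data).hexdigest(), "entry_section": None, "suspicious": []}
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            report["entry_section"] = s["name"]
        if s["vsize"] and (s["rsize"] == 0 or s["vsize"] > ratio_limit * s["rsize"]):
            report["suspicious"].append(s["name"])
    return report

def build_sample_pe(entry_rva, sections):
    """Constructed minimal PE32 image (headers only, no code) for offline testing."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                    for n, vs, va, rs, rp in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs

# Constructed layouts: a normal build, and the same program after a UPX-style packer.
UNPACKED = build_sample_pe(0x1200, [(b".text", 0x1000, 0x1000, 0x1000, 0x400),
                                    (b".data", 0x600, 0x2000, 0x600, 0x1400)])
PACKED = build_sample_pe(0x6100, [(b"UPX0", 0x5000, 0x1000, 0, 0x400),
                                  (b"UPX1", 0x2000, 0x6000, 0x1E00, 0x400),
                                  (b".rsrc", 0x200, 0x8000, 0x200, 0x2200)])
```

Run `packer_indicators(open("Lab7-3.exe", "rb").read())` before and after packing: the packed report moves the entry point into the stub's section and flags the section whose raw size is 0 but whose virtual size reserves room for the decompressed code.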

Part 4 - Anti-Reversing Lab

Your goal for this lab is to get Lab7-4.exe to execute until completion. The software has implemented several anti-reversing techniques to thwart analysis. You must modify the dynamic and/or static binary to get the software to run to completion. You know you are successful when the program produces a pop-up message indicating success. Explain the anti-reversing techniques observed and how you bypassed them. Include screenshots as necessary. If you get the software to produce the success message, provide a screenshot. It is possible to forcefully produce the message without manually defeating each anti-analysis technique, but your goal is to discover and report all potential anti-reversing techniques.

Attachment: Lab - Anti-Debugging.rar
