Explain the anti-disassembly technique

Assignment Help C/C++ Programming
Reference no: EM132598331, Length: 4 pages

Part 1 -Another Bomb

The binary bomber is back again. This bomb, bomb7.exe, has been equipped with anti-disassembly tactics to thwart reversing the key. Reverse engineer the bomb in IDA to defuse it. It requires a single key as a command line argument to defuse.

This bomb is very similar to Lab 15-1 from our textbook, except it has a different key. You may wish to attempt Lab 15-1 and read the solution on page 645 to help you defuse this bomb.

1) Explain the anti-disassembly technique used and how it can be defeated in IDA.

2) What is the key to defuse the bomb? Provide a screenshot of your defused bomb.

Part 2 - Anti-Debugging

1) Suppose you observe the following code in your disassembly. Explain this code's purpose. Indicate how the location of the PEB is being referenced. What is the PEB?

2) Suppose you observe the following code. Explain this code's purpose and how it achieves its goal.

Part 3 - Packers

1) Lab7-3.exe is a simple program that only produces a pop-up message. Briefly look at the program's section headers and observe that the virtual size and the raw size of the .text and .data sections are roughly the same. Record the file's MD5. Pack the program using CFF Explorer's built-in UPX utility. Observe the section headers of the packed version. What do you observe about the section headers of the packed version of this program? Why are there drastic differences between the virtual sizes and the raw sizes of each section? What is the MD5 of the packed program? Execute the packed program. Does it appear to operate normally? Finally, load the packed Lab7-1.exe into IDA to see what a packed disassembly may look like. You do not need to analyze the packed code; simply observe how the disassembly of a packed program looks in IDA.

2) Explain, in general, how packers work. Include the role of the unpacking stub. Indicate where the entry point is for a normal unpacked executable and a packed executable. Why do packed executables execute normally as intended if the code section is compressed on disk?
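As an added example (not part of the assignment or its lab files), a small Python PE section-table reader that performs the Part 3 comparison programmatically: it reports each section's VirtualSize against SizeOfRawData, flags the UPX-style mismatch, and records the image's MD5. The PE images it inspects are constructed header-only fixtures, not Lab7-3.exe, and the 4x ratio threshold is an assumption.

```python
import hashlib
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"

def parse_sections(pe: bytes):
    """Return [(name, VirtualSize, SizeOfRawData), ...] from a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt              # section table follows the optional header
    rows = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, pe, table + 40 * i)
        rows.append((f[0].rstrip(b"\0").decode("ascii", "replace"), f[1], f[3]))
    return rows

def packing_indicators(pe: bytes, ratio: float = 4.0):
    """Sections whose VirtualSize dwarfs SizeOfRawData (or whose raw size is 0): an
    unpacked build keeps the two roughly equal, while UPX reserves an empty section
    for the code it decompresses at run time. The 4x threshold is an assumption."""
    return [name for name, vsize, rsize in parse_sections(pe)
            if rsize == 0 or vsize / rsize >= ratio]

def file_md5(pe: bytes) -> str:
    """Hex MD5 of the whole image, as recorded before and after packing in Part 3."""
    return hashlib.md5(pe).hexdigest()

def build_pe(sections):
    """Constructed header-only PE fixture (not a runnable binary) for testing the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(struct.pack(SECTION_FMT, n.ljust(8, b"\0"), v, 0x1000, r,
                                 0x400, 0, 0, 0, 0, 0x60000020)
                     for n, v, r in sections)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + table

# Constructed fixtures mimicking the Part 3 observation (sizes are invented)
UNPACKED = build_pe([(b".text", 0x1200, 0x1200), (b".data", 0x400, 0x400)])
PACKED = build_pe([(b"UPX0", 0x9000, 0), (b"UPX1", 0x2000, 0x1E00), (b".rsrc", 0x200, 0x200)])
```

Running `packing_indicators` on a real sample before and after CFF Explorer's UPX step reproduces the virtual-versus-raw mismatch the question asks you to notice, and `file_md5` shows why the two files hash differently.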

Part 4 - Anti-Reversing Lab

Your goal for this lab is to get Lab7-4.exe to execute until completion. The software has implemented several anti-reversing techniques to thwart analysis. You must modify the dynamic and/or static binary to get the software to run to completion. You know you are successful when the program produces a pop-up message indicating success. Explain the anti-reversing techniques observed and how you bypassed them. Include screenshots as necessary. If you get the software to produce the success message, provide a screenshot. It is possible to forcefully produce the message without manually defeating each anti-analysis technique, but your goal is to discover and report all potential anti-reversing techniques.

Attachment: Lab - Anti-Debugging.rar



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd