Small gdbinit update...

Things have been very quiet since the beginning of September… Well my MBA has started and my free time until now has been ZERO! It has been a fun but very busy ride and comeback to the world of economics. The first weeks are recruit like, pretty intensive with many assignments to be delivered. The recruit is now over and I should have more free time for playing again with reversing 😄....

October 11, 2009 · 2 min · 226 words

GDB patches

Here you have the patches I did for GDB: To fix problem with gdbinit To display raw bytes in x/i and disassemble commands To warn about possible number of sections anti-debug trick You can download a single patch for all changes or one for each individual change. A patched GDB binary for Intel only is available, if you trust my binaries (copy to /usr/libexec/gdb). PHP max upload size doesn’t let me add the patched source package (can’t change it due to its impact on others)....

August 26, 2009 · 2 min · 249 words

Anatomy of a GDB anti-debug trick part II: GDB isn’t alone!

After having found the source of the GDB anti-debug trick, I started modifying GDB to work around the problem and fix the number of sections on the fly (it’s simple to calculate the real number of sections). I was coding on a long train trip and everything was going great… My hack worked and GDB fixed and loaded the file without a problem. Next step was to run the program but when I tried I had this surprise:...

August 26, 2009 · 4 min · 846 words

Reversing Pokerstars online poker client (I hope they aren’t from Vegas !!!)

Today I bring you something from the old projects trunk. Like many other millions of people I enjoy playing online Texas Hold’em Poker. I started with Pokerstars three years ago, and after a while, diabolical ideas came to my head about reversing the client to have a peek into their communication protocol (what else were you expecting? I love to break things!). The project was on hold for a long time (started when Windows was my daily OS)....

August 20, 2009 · 3 min · 436 words

Anatomy of a GDB anti-debug trick

Well, it seems this is the GDB post season! The past days have been dedicated to mess around with GDB source code and today I have what I think it’s a nice story to tell. After hacking off my old wish of having the disassembly raw bytes to be printed (like Ollydbg, Softice, IDA, otx, etc…) I was interested in trying to fix one anti-debug trick. This presentation by nemo shows an anti-debug trick that works against GDB and others....

August 13, 2009 · 6 min · 1093 words