Amiga Reverse Engineer Custom MFM Disk Format: Street Fighter 2

Some time ago I wrote a tutorial about the copy protection used in the Amiga version of Street Fighter 2. The tutorial explains the inner workings of the custom disk format used and how to rip the data from the copy-protected disks and reconstruct working (and copyable) AmigaDOS disk images. The tutorial was originally …

Exploit Development 5: Reflective DLL Injection

Introduction: Reflective DLL injection is used to inject a DLL into a process without reading it from storage. A stager is executed from the exploited buffer, which in turn retrieves the DLL from a server. The DLL is loaded and mapped directly into the process address space, and execution is handed over …

Exploit Development 3: ROP buffer overflow

In the previous two tutorials we looked at how to exploit the vulnerable application with EIP-based as well as SEH-based buffer overflow attacks. This time we will have a look at how to exploit the application when DEP (Data Execution Protection) is enabled. Code execution will be forbidden on the stack and will result in an access …

Exploit Development 2: SEH buffer overflow

This time we're going to take a closer look at SEH (Structured Exception Handling) based exploits. Setup: Compile the executable and library with the following options set. Analysis: The idea is basically to overwrite the pointer to the exception handler and make it point to your injected shellcode. After an exception is triggered, the hijacked …