ARTeam eZine |
I Hear and I Forget, I See and I Remember, I Do and I Understand |
Introduction
The idea for this project was to provide a means of publication for interesting articles. Not everyone likes to write tutorials, and not everyone feels that the information they have is enough to constitute a publication of any sort. We all run across interesting protections, new methods of debugger detection, and inventive coding techniques. We just wanted to provide the community with somewhere to distribute interesting, sometimes random, reversing information.
While the title of this ezine says ARTeam, we prefer to think that we are acting as a conduit. We really hope that you find this project interesting, and we really want this to be a community project. So if you have an idea for an article, or just something fascinating you want to share, let us know and hopefully we will see a ezine #2. It soon became apparent that the scope of this project went well beyond what we had predicted. A big thanks goes out to all the contributors. Without you this would be a blank page. We also need to thank everyone who has viewed, refined and commented on the production of this ezine. Hopefully we have been able to provide the reversing community something interesting.
The reversing community has been very dynamic in the past few years. We've seen a Ring3 GUI debugger grow in startling popularity. We've seen protection authors dig deeper into the OS in an effort to deter crackers. Unique protections have provided months of analysis for reversers. New inventive tools have been developed in the reversing community in an effort to effectively analyze and understand software protection. And ironically we see some of these tools move back to Ring0.
None of these changes and achievements would have been possible without the amazing and talented reversers that take the time to share their knowledge and teach others. No matter what team you belong to, what level you reverse at, what language you speak, you all make up the same community. A group of people who constantly strive for discovery. None of us are content with accepting things "as they are" we need to know why. We are the scientists of software. We dig deeper than the average user, we see code where everyone else see flashy presentation. We learn this code so well that we can rewrite it, manipulate it, and even improve on it.
Since these are my thoughts, I just want to thank every single member of the reversing community. I couldn't even begin to name every single person who has provided a contribution. We are all spread out among many boards, many teams, even many countries. But I like to think that we all share a certain camaraderie.
Please enjoy the information included among these pages, we had some talented people give us some great submissions.
Downloads
ARTeam eZine - Issue #1 (February 2006)
- Opening Thoughts
- Interviewed: Nilrem of ARTeam
- Unpacking ASProtect v2.1 SKE with Advanced Import Protection - by MaDMAN_H3RCUL3S
- Demystifying TLS Callback - by deroko
- Interview with Armadillo Developers
- Improving StraceNT: Adding Anti-Debugging Functionality - by Shub-Nigurrath
- Reversing Switches - by Gabri3l
- Quickly Remove a Nag - by Lunar Dust
- Developing a Ring0 Loader -by deroko
- Breaking Protocol: Reversing and Exploiting Client Side Communications - by jAgx
- Call for Papers
- Issue #1 Supplments
ARTeam eZine - Issue #2 (November 2006)
- Adding New Functionality to an Old Program - by Gabri3l
- Patching by Using Resource - by ThunderPwr
- Patching Event Driven Nags - by Shub-Nigurrath
- Writing OllyDbg Scripts - by Buzifer
- Utilizing Code Injection on an ACProtect Application - by condzero
- Code Obfuscation - by zyzygy
- Testing for OllyDbg Using NtYieldExecution - by Gabri3l
- Coding a Serial Sniffer - by anorganix
- Ring3 Debugger Detection via INVALID_HANDLE Exception - by deroko
- PEB DLL Hooking: A Novel Method to Hook DLLs - by deroko
- TheMida: No More Ring0 by deroko
- WTM Register Maker v2.0 Case Study - by tHE mUTABLE
- Call for Papers
- Issue #2 Supplments
ARTeam eZine - Issue #3 (April 2008)
- Code Injection - 1Click DVD Copy Pro - by condzero
- MUP AnyDVD v6.1.3.6 by condzero
- Patching PrimaGames eGuides - Single-Byte patching, by sslevin
- ExamDiff Pro v4.XXX Reversing the Protection Schema - by Shub-Nigurrath
- Reversing Business Translator 9.00 - by kaira
- ExeCryptor for Dummies - Or how to unpack ExeCryptor 2.4 without having a clue what you are doing, by Haggar
- OCR Tools Walkthrough of Key Check Routine by ANHS!RK
- The Strange Case of DBG_PRINTEXCEPTION_C & DBG_RIPEXCEPTION - by moid
- Cracking for Fun - by arjuns
- Writing a Self-Keygenerator Loader With Abel - by m1sch13f
- Call for Papers
- Issue #3 Supplments
ARTeam eZine - Issue #4 (March 2009)
- Reversing DEFCON Binary500 Challenge - by Externalist
- Handy Primer on Linux Reversing - by Gunther
- Using .NET Profiling API for a Custom .NET Protection - by Kurapica
- Primer on Reversing PalmOS Applications - Extended Edition by, WAST3D_BYTES, SunTzu
- Reversing the Protection's Scheme of Alexey Pajitnov's Game dwice by Gyver75
- Live Debugging Symbian Applications Using or Not Using IDA by argv
- Interview With Shub - by Gunther
- Call for Papers
- Issue #4 Supplments
Knowledge is Power