From b8e0379fd2201b2e819f09adfd5b4fd1441ee1ed Mon Sep 17 00:00:00 2001 From: Amanda Rousseau Date: Tue, 28 Mar 2017 15:34:58 -0700 Subject: [PATCH] adding restart button --- dynamic.md | 3 ++- images/restart.png | Bin 0 -> 5637 bytes static.md | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 images/restart.png diff --git a/dynamic.md b/dynamic.md index 9d0bf48..e901635 100644 --- a/dynamic.md +++ b/dynamic.md @@ -39,7 +39,8 @@ You will need to sync the debugger and disassembler addresses so you can follow ### XOR Decode Function -Remember use the F2(breakpoint), F7(Step Into), F8(Step Over), F9(Run) keys to navigate through the debugger. +Remember use the F2(breakpoint), F7(Step Into), F8(Step Over), F9(Run) keys to navigate through the debugger. If you accidentally run past the end the of the program you can always restart by clicking ![alt text](https://securedorg.github.io/images/restart.png "restart"). + ![alt text](https://securedorg.github.io/images/dyn6.png "xordecode") In **IDA**, get the offset of the XorDecode function you saved prior. 
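Review bot: the rewritten line in the dynamic.md hunk has two grammar slips that this commit is the right place to fix, since the line is being replaced anyway: "Remember use the F2(breakpoint)..." should read "Remember to use ...", and the new clause "run past the end the of the program" should read "run past the end of the program". The new restart image also keeps the placeholder alt text "alt text"; a descriptive alternative such as "restart button" would keep the sentence readable without the image. Optionally, since this commit adds images/restart.png to the repository, a relative link would keep the page working in forks and offline, though the existing dyn6.png link uses the same absolute securedorg.github.io URL, so that is a consistency call for the author.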
diff --git a/images/restart.png b/images/restart.png new file mode 100644 index 0000000000000000000000000000000000000000..8d6dbc6a89c987db103c59e7f4830ea0a2697565 GIT binary patch literal 5637
diff --git a/static.md b/static.md index 9eb7079..7b6db2b 100644 --- a/static.md +++ b/static.md @@ -117,7 +117,7 @@ We can assume that this function is doing some kind of Xor encoding. So let's re Let's use the tool **XORSearch** to see if we can find some interesting xor decoded strings. Open the terminal **cmd.exe** from the start bar, and navigate to the XORSearch.exe -```XORSearch.exe "A string to test"``` +```XORSearch.exe "A string to test"``` *Click Image to Enlarge* [![alt text](https://securedorg.github.io/images/static6.png "xor search")](https://securedorg.github.io/images/static6.png)
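Review bot: the removed and added lines in the static.md hunk read identically (```XORSearch.exe "A string to test"```), so the change can only be whitespace or a line ending; that is invisible in review and is not covered by the commit subject "adding restart button", so either mention it in the commit message or drop it from this commit. While touching the line, note that triple backticks on a single line render as inline code rather than a fenced block; if a command block was intended, put the opening and closing fences on their own lines. The preceding sentence "navigate to the XORSearch.exe" would also read better as "navigate to XORSearch.exe".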