- Usermode test(v0.1): a usermode opcode tester, covering most opcodes, including rare, obsolete, recent, undocumented, 64 bits, exception triggers, anti-debugs.... (gathering and extending the result of my previous blog entries and programs)
- Following Peter Ferrie's article, I wrote a commented source of JJencode, the funny javascript obfuscator, along with a dumb decryption script.
- I extended y0da's binary corpus, with various compiled files and my own experimental PEs, to build my own binary corpus. It covers a lot of different compilers, sections layout, image directories,...
- I created a simple screencast to introduce tracing with OllyDbg, based on Oleh's tutorial.
Posts
Great collection of PE files! Can't wait to test them on my own tools :)
ReplyDeletebw
Good ! I hope they'll be useful !
ReplyDeletesection count limit was removed in Vista. 64kb-1 sections are now possible. :-(
ReplyDeleteThere are other tricks that might not be in the corpus, like large headers, odd optional header size, OOB entrypoint, VA entrypoint (not RVA)...
smallest executable on 64 bit is 268 bytes.
Interesting, I'll have to update the corpus then ;)
ReplyDelete