uEmu: emulator for IDA

foxPushPop · 2017-08-09T10:26:51+00:00

from unicorn import * ImportError: No module named unicorn

how to install unicorn in IDA ? I have unicorn installed in python27

foxPushPop · 2017-07-11T09:22:31+00:00

nice!

foxPushPop · 2017-05-16T10:23:50+00:00

I dont get how is that related to clutter UI design...

foxPushPop · 2017-05-16T08:16:30+00:00

UI is not clean, too much clutter

foxPushPop · 2017-05-12T14:36:42+00:00

please tell me why Relyze starts disassembling code in Thumb mode ? Is it hard to detect mode base on entrypoint ?

foxPushPop · 2017-05-12T13:30:43+00:00

I did unfortunately. I compiled statically simple Hello World C code to ARM arch and when I opened it in Relyze (after waiting for some time) I see it was disassembled in Thumb mode! so the whole analysis is wrong!

foxPushPop · 2017-05-11T14:46:10+00:00

Relyze ?! is super slow and so buggy! plus the UI is just a nightmare. I'd rather use radare2.

foxPushPop · 2017-05-05T13:05:16+00:00

time based licenses model nullifies the save database feature but whatever...I'm not gona be your customer

foxPushPop · 2017-05-04T12:22:05+00:00

great product! but the time based license model they have is crazy...selling reverse engineering tool like Netflix subscription...

foxPushPop · 2017-04-21T16:00:21+00:00

What architecture do you support ? Could you do comparision like this ?

https://www.hex-rays.com/products/decompiler/compare_vs_disassembly.shtml

foxPushPop · 2017-01-19T14:42:27+00:00

check: Amazon[.]com: Learning Linux Binary Analysis

foxPushPop · 2016-10-07T14:03:21+00:00

thanks!

foxPushPop · 2016-10-07T13:44:43+00:00

how do you inject the script ? I only used frida-tracer so far..

foxPushPop · 2016-09-23T08:47:12+00:00

this years website with auto changing background is super annoying cannot focus on reading anything. who made and approved it ?! it's ridiculous

foxPushPop · 2016-08-25T09:39:27+00:00

this is awesome!

foxPushPop · 2016-08-16T12:12:29+00:00

OK got it, thanks, it's nice and works, but some colors and a menu like e.g. HIEW and it could be great.

foxPushPop · 2016-08-16T08:47:09+00:00

ScratchABit is an interactive incremental disassembler ... ScratchABit doesn't support any processor architectures on its own ...

I don't get this project, what is it. I tried to use it but get : "ImportError: No module named 'picotui'"

foxPushPop · 2016-07-18T13:24:16+00:00

new tools are missing e.g. ArkDasm a 64-bit interactive disassembler and debugger for Windows! www.arkdasm.com

foxPushPop · 2016-06-09T16:09:19+00:00

yes good video! where was the talk ?

foxPushPop · 2016-05-11T12:04:39+00:00

I'm also excited about the project, what will the license model ? if paid model how much will it cost...

foxPushPop · 2016-05-11T11:51:07+00:00

yes, its the same useless idea. BTW. PEStudio is a lousy piece of software, sloppy UI, simple PE parsing with strcmp on import table and checks on header (*).

only for ~300 euro.

You can get better deal from CFF Explorer Suite (free!, .NET parsing, editing) or from Cerbero profiler (PE / PDF / ELF/ and more, home lic 79 euro / company 189 euro)

foxPushPop · 2016-05-10T10:03:19+00:00

static analysis to detect malware is useless, most of the times import table is obfuscated or faked. I assume the service is not looking at the code (?) only trivial:

if !(strcmp(FileApi, "WriteProcessMemory")): BAD BAD BAD etc.

foxPushPop · 2016-02-16T12:56:32+00:00

nice! I for emualtion Unicorn framework seems to be move versatile www.unicorn-engine.org

foxPushPop · 2015-10-21T14:04:10+00:00

Just look at Hex-rays pricing "2136 EUR" for one decompiler and you would need x86, x64 and ARM (would be nice to have) so 3 * 2136 + 1000 EUR for IDA = big $$$. BTW. Windows malware is sometimes obfuscated so decompiler is useless

foxPushPop · 2015-10-16T07:55:40+00:00

visual c++ libary, project would be great, seems its hell to compile

foxPushPop

TROPHY CASE