Binary art - Byte-ing the PE that fails you (live version)

Binary artByte-ing the PE that fails you

3rd November 2012Lucerne, Switzerland

Ange Albertinihttp://corkami.com

agenda

what's a PE?the problem, and my approach

overview of the PE formatclassic tricksnew tricks

PPortable EExecutable

CCommon OObject FFile FFormatbased on

PEuniversal universal Windows binaryWindows binarysince 1993

pe101pe101.corkami.com.corkami.com

the problem...

aka “the gentle guide to standard PEs”

CVE-2012-2273

version_mini

normal

...and my approach

block by block

a completecomplete executable

pepe.corkami.com.corkami.com

...call [API]…

Imports

API: … ret

Exports

65535sects

maxsecXP

nosection*

1 ≤ FileAlignment == SectionAlignment ≤ 800

foldedhdr

ctxt*ctxt*

★★NNeeww★★ tricks

mininormal64

dllnomain*

imports_virtdesc

dd OriginalFirstThunkdd TimeDateStampdd ForwarderChain----------------------------dd Namedd FirstThunk

corkamix

seh_change64

ibreloc

fakerelocs

reloccrypt

maxvals

hdrcode

traceless

tinynet

...imports

...relocs

...CLR

corkamix

Conclusion

Conclusion● the Windows executable format is complex● mostly covered, but many little traps

● new discoveries every day :(

http://pe101.corkami.comhttp://pe.corkami.com

Questions?Thanks to

Fabian Sauter, Peter Ferrie, وليد عصرBernhard Treutwein, Costin Ionescu, Deroko, Ivanlef0u, Kris Kaspersky, Moritz Kroll, Thomas Siebert, Tomislav Peričin, Kris McConkey, Lyr1k, Gunther, Sergey Bratus, frank2, Ero Carrera, Jindřich Kubec, Lord Noteworthy, Mohab Ali, Ashutosh Mehra, Gynvael Coldwind, Nicolas Ruff, Aurélien Lebrun, Daniel Plohmann, Gorka Ramírez, 최진영 , Adam Błaszczyk, 板橋一正 , Gil Dabah, Juriaan Bremer, Bruce Dang, Mateusz Jurczyk, Markus Hinderhofer, Sebastian Biallas, Igor Skochinsky, Ильфак Гильфанов, Alex Ionescu, Alexander Sotirov, Cathal Mullaney

Thank YOU!

@ange4771@ange4771Ange Albertini @gmail.com

http://corkami.com

exe2pe, dosZMXP

aa86drop.com

Binary art - Byte-ing the PE that fails you (live version)

Documents

Transcript of Binary art - Byte-ing the PE that fails you (live version)

MIPS%Architecture% - uml.edu · MIPS%Architecture% % • Topics – Whatresources%MIPS%assembly%manipulate% – Represen:ng%informaon%as%bits% • Binary/Hexadecimal% • Byte%representaons%

Coding Interview Questions - Home - Byte by Byte

BITS, BYTES, AND INTEGERSdjp3.westmont.edu/classes/2017_01_CS045/Lectures/Lecture_07.pdf · BITS, BYTES, AND INTEGERS ... • Byte = 8 bits • Binary 00000000 2 to 11111111 2 ...

Bits and Bytes Topics Why bits? Representing information as bits Binary/Hexadecimal Byte representations »numbers »characters and strings »Instructions.

Unit-III (1) Explain instruction format and Opcode format ...Each instruction of 8085 has 1 byte opcode. With 8 bit binary code, we can generate 256 different binary codes. In this,

File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single character Field: Group.

Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.

Bits and Bytes January 17, 2002 Topics Why bits? Representing information as bits –Binary/Hexadecimal –Byte representations »numbers »characters and strings.

Goin’ Digital · 2020-03-10 · Simplest Digital System is Binary Binary means two states. We typically refer to them as 0 and 1, called bits The bits are arranged as a byte or

Binary art - Byte-ing the PE that fails you (extended offline version)

Floating point numerical information. Previously discussed Recall that: A byte is a memory cell consisting of 8 switches and can store a binary number.

C14: Input/Output Streams. Streams vs. Readers/Writerse Confusing number of alternatives: –Streams: for binary 8bit (byte) quantities –Readers/Writers:

February 3 Interpretation of Digital Data Bit and Byte ASCII Binary Image Recording Media and Formats Geometric corrections Image registration Projections.

Bits and Bytes Spring, 2015 Topics Why bits? Representing information as bits Binary / Hexadecimal Byte representations »Numbers »Characters and strings.

Queensland University of Technology. Dreaming bad…. PhD fails Job application fails Promotion application fails Grant proposal fails ( internal.

EPC C1G2 BATTERYLESS LOAD SENSOR€¦ · rawdata Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 content HEADER (uint8): datagram header ’0xAA’. The header will be set once the micro-controller

Smart Digital Magnetometer HMR2300 - Honeywell · PDF filea recieved carriage return byte (0D hex), ... If manually sent, ... or a binary coded decimal (BCD)

sqlprotocoldoc.blob.core.windows.net€¦ · Web view1.3 Structure Overview ... Some computer architectures order bytes in a binary word from ... A 4-byte Float value field that

When IT Fails The Business Fails...

Web viewKey Word: Definition; Denary/Decimal. Base 10. Binary. Base 2. Bit. Nibble. Byte. Kilobyte. Megabyte. Gigabyte. Terabyte. Hexadecimal. ASCII. Unicode