📚 Basics

🤓 About the CPU

In this article I will dissect what the CPU cache and the TLB are. It can help understand how Meltdown and Spectre work.

Memory Addressing

I’ve had a lot of time to dive into certain peculiarities of how programs are laid out both in RAM and on disk while working as a malware analyst.

Process Memory Layout

Intro: At the very beginning of my career I found it hard to grasp the notion of memory layout and stack.

Assembly 💯

During a forensics investigation it’s sometimes necessary to reverse engineer some suspicious piece of code. This section is a reverse engineering dive-in section.

Compilation and Linking 🔗

In this article I am trying to research the compilation and linking process. Terms: .cpp is a human-readable file written in any programming language.

Data Types

VarInt is used to save memory. For example, the number 5 only occupies 1 byte, but 1032 will need two bytes to live.

Exceptions

โš ๏ธ Note that x64 does not use this mechanism for exception handling. Consider the following code:

Interrupts

Character Special Files: Examples of special files are /dev/stdin, /dev/stdout and /dev/random (a PRNG which may delay returning a value to acquire additional entropy).

Packers and Unpacking

References: [1] Manual unpacking (rus 🇷🇺) [2] Unpacking FSG 2.0 (rus 🇷🇺) [3] Introduction to unpacking (rus 🇷🇺)

Positive and Negative Numbers

Intro, One’s complement, Two’s complement

Processes, threads and mutants zombie 🧟‍♂️

In this article I am describing the difference between a process, a thread and a mutex. Process: When an exe file or other executable file is run, some memory in RAM is allocated, and the program’s code and data are read from the hard drive and written into RAM.

iOS Reverse Engineering

During forensic analysis it’s not too rare to run into some suspicious application. In this article I’m going to learn to reverse engineer iOS applications.

Reference vs Value

Lorem markdownum aequalis strigis. Saetigeri iubeas, vultu huic alvum nondum de obside ut laniavit arbor palmis, cum quin.

Mutable vs Immutable

>>> import ctypes >>> a = 5 >>> address = id(a) >>> address 4307917216 >>> ctypes.

โ› Crackme Algorithm

Methodology: Look at the strings (fs strings and f in radare2, or rabin2 -zz). Find xrefs for the strings of interest (axt @ str.

Cracking 🔨

Any cracking career is supposed to start with solving simple crackmes. I’ve not been doing it all the time, but I’ve solved several of them, from the simplest to a very hard one which required some math knowledge 😬. This allowed me to craft some sort of algorithm I would like to share.

From Src to Binary

To read: https://www.airs.com/blog/archives/38