Comments on: [MMA 2015] [Reverse – How to use?] Write Up

By: Tsuka

Tsuka — Thu, 10 Sep 2015 07:28:43 +0000

In reply to WtF. Thank you very Much.

By: WtF

WtF — Wed, 09 Sep 2015 23:36:32 +0000

In reply to Info. You have to use the decompiler (and not just stay in disassembler mode) : File / Produce file / Create C file... If you haven't all the returned int values in the file, you have to attach the DLL to rundll32.exe: - Choose windbg as debugger - Debugger / Process options... - Application : rundll32.exe As example: - howtouse_without_windbg.txt - howtouse_with_windbg.txt

By: Info

Info — Wed, 09 Sep 2015 22:28:08 +0000

In reply to WtF. From IDA, how did you get the result to look so "readable". Mine mostly came out with assembly commands.

By: WtF

WtF — Wed, 09 Sep 2015 11:51:00 +0000

In reply to Hackndo. Yes I used IDA :) You can also decompile the DLL with : - Hopper - the Capstone engine + a python decompiler script - radeco

By: Hackndo

Hackndo — Wed, 09 Sep 2015 10:26:39 +0000

In reply to sudhackar. We commonly use IDA Pro for reversing and decompiling. WtF did this challenge, but given his decompiling result, I would assume he used IDA. (I'll let him confirm though)