Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (25 May 2013 - 07:59 PM) Yay, Shoutbox Is Back! Yahooo!
@  agyat : (24 May 2013 - 05:15 PM) O Dear, Where Are You? Without Your Words This Sb Is ..
@  agyat : (23 May 2013 - 01:23 AM) Wow! Mr. Sb Back Home.
@  OpaQue : (23 May 2013 - 12:44 AM) Ting
@  OpaQue : (24 April 2013 - 02:44 PM) I guess, Time to run Mycent script.
@  OpaQue : (24 April 2013 - 02:43 PM) wow.. not much spam. except habatt posting lot of links.. :P
@  yordan : (23 April 2013 - 01:04 PM) You're welcome, agyat. Nice to have been helpful. Second lesson: try full words, "you" instead of "EW".
@  agyat : (23 April 2013 - 05:03 AM) @YORDAN: tHANK EW FOR YOUR FIRST LESSON.   :D
@  yordan : (22 April 2013 - 09:43 PM) @agyat : "why don't you help me", or "please help me", or "please teach us"
@  yordan : (22 April 2013 - 09:42 PM) welcome back, velma
@  velma : (22 April 2013 - 07:51 AM) **yawns** Good to be back, wonder what is going on here :)
@  agyat : (22 April 2013 - 03:50 AM) Oh! so, why don't help me learn english..
@  yordan : (21 April 2013 - 08:38 PM) The goal mentioned by shiu : "learning english, learning computer"
@  agyat : (21 April 2013 - 06:31 PM) WHAT GOAL?
@  yordan : (20 April 2013 - 10:39 AM) yes, that's our goal. simultaneouly learning English and teaching/learning computer using.
@  shiyu : (20 April 2013 - 07:30 AM) learning english,learning computer
@  yordan : (19 April 2013 - 01:11 PM) Oh, I see, it's just a trick in order to force people looking at your texte. Somehow smart, maybe.
@  agyat : (19 April 2013 - 02:54 AM) And of course I know it is not SEO friendly.
@  agyat : (19 April 2013 - 02:52 AM) There may be two possible answers for that ....


1) Shout was posted using mobile keypad.

2) To force people read content carefully and/or with more concentration.
@  agyat : (19 April 2013 - 02:49 AM) There may be two possible answers for that ....

Photo
- - - - -

Yahoo! Protocol: Part 16 - Assembly Analysis

Started by tansqrx, Apr 23 2007 05:22 AM

No replies to this topic

#1 tansqrx

tansqrx

    Super Member

  • [HOSTED]
  • 759 posts

Posted 23 April 2007 - 05:22 AM

Overview

To truly understand why a booter or any other types of exploits function, an investigator must have a look at the program’s source code. In the case of Yahoo! Messenger which is a closed source program, I am forced to dive into the dark and sometimes mystical realm of assembly debugging. By exploring the Yahoo! Messenger assembly code and the machine state at the time of a crash I can reveal why, on the machine level, how a booter works. Perhaps more importantly, is it possible to run arbitrary code from a remote attack.

Tools

In order to explore the assembly and machine states of Yahoo! Messenger, I used several assembly debuggers. The most used program is OllyDbg [http://home.t-online...home/Ollydbg/]. OllyDbg shows all the machine instructions that make up a program and also allows attachment to a currently running program. Two other tools that I used were Microsoft’s WinDbg [http://www.microsoft...ddk/debugging/] and DataRescue’s IDA Pro [http://www.datarescue.com/idabase/]. Each program has its strong points and I used knowledge gained from each program to complete an overall assessment of the crash. Figure 36 shows OllyDbg open and attached to Yahoo! Messenger just after a crash.

Posted Image
Figure 36 - OllyDbg


Edited by tansqrx, 05 March 2009 - 07:21 PM.

Back to Yahoo!

Reply to this topic



  


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Open Discussion & Free Web Hosting
  2. Computers & Tech
  3. Search Engines
  4. Yahoo!
  5. Rules