Archive

Archive for the ‘MS Windows’ Category

Volatility Installer

May 3rd, 2011 No comments

Como ya sabréis, Volatility es un producto de código abierto de “Volatile Systems” escrito en Python orientado al análisis forense de memoria RAM en entornos Windows.

Una vez instalado es muy potente y sencillo de usar, pero tienes que dedicarle un “ratito” a la instalación… Con el objetivo de hacer más sencillo el proceso de instalación ha nacido un proyecto en Google Code de la mano de Juan Garrido llamado Volatility Installer, en el que he tenido la suerte de participar en la versión UNIX del script.

El proceso de instalación sería el siguiente:

[[email protected] ~]$ uname -a
FreeBSD hellforce1.hell.lan 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011     [email protected]:/usr/obj/usr/src/sys/GENERIC  i386
[[email protected] ~]$ wget http://volatility-installer.googlecode.com/files/install.volatility.tar.gz
--2011-05-03 01:42:29--  http://volatility-installer.googlecode.com/files/install.volatility.tar.gz
Resolviendo volatility-installer.googlecode.com (volatility-installer.googlecode.com)... 209.85.147.82
Connecting to volatility-installer.googlecode.com (volatility-installer.googlecode.com)|209.85.147.82|:80... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 8935 (8,7K) [application/x-gzip]
Saving to: `install.volatility.tar.gz'

100%[===================================================================================================================================================================================================>] 8.935       --.-K/s   in 0s      

2011-05-03 01:42:29 (54,8 MB/s) - `install.volatility.tar.gz' saved [8935/8935]

[[email protected] ~]$ sha1 install.volatility.tar.gz | grep 51f4505f2ed2d53a724cfe4761fa7d45818fbcc4
SHA1 (install.volatility.tar.gz) = 51f4505f2ed2d53a724cfe4761fa7d45818fbcc4
[[email protected] ~]$ tar xf install.volatility.tar.gz
[[email protected] ~]$ cd install.volatility
[[email protected] ~/install.volatility]$ ./volatility.installer.sh 

##################################################
#     Volatility Installer UNIX Script v0.3b     #
# http://code.google.com/p/volatility-installer/ #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Project leader: Juan Garrido (aka Silverhack)  #
# Script written by: Chema Garcia (aka sch3m4)   #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Contact:                                       #
#           http://safetybits.net                    #
#           [email protected] #
#           [email protected] #
##################################################

Usage: ./volatility.installer.sh <options>

+ Options:
 -v -------> Install Volatility
 -p -------> Install plugins
 -r -------> Install PyCrypto
 -y -------> Install libyara
 -t -------> Install yara-python
 -d -------> Install Distorm
 -s -------> Install libdasm
 -f -------> Install pefile
 -A -------> * Install all above

[[email protected] ~/install.volatility]$ ./volatility-installer -A

##################################################
#     Volatility Installer UNIX Script v0.3b     #
# http://code.google.com/p/volatility-installer/ #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Project leader: Juan Garrido (aka Silverhack)  #
# Script written by: Chema Garcia (aka sch3m4)   #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Contact:                                       #
#           http://safetybits.net                    #
#           [email protected] #
#           [email protected] #
##################################################

[i] Installing: Volatility
 + Url: https://www.volatilesystems.com/volatility/1.3/Volatility-1.3_Beta.tar.gz
 + File: volatility.tar.gz
 + Folder: Volatility-1.3_Beta
 + MD5: 77d05a5e93ea77425379a306024b739b
 + SHA256: 7d4dd429a488671c559c6f5de0d3fae6d3d1f9eb67c19e399495a1b6aa31d392\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting Volatility...
 OK
 - Installing...
Password:
 OK
 - Cleaning...
 OK

[i] Installing: PyCrypto
 + Url: http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz
 + File: pycrypto-2.0.1.tar.gz
 + Folder: pycrypto-2.0.1
 + MD5: 4d5674f3898a573691ffb335e8d749cd
 + SHA256: b08d4ed54c9403c77778a3803e53a4f33f359b42d94f6f3e14abb1bf4941e6ea\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting PyCrypto...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing: LibDASM
 + Url: http://www.klake.org/~jt/misc/libdasm-1.5.tar.gz
 + File: libdasm-1.5.tar.gz
 + Folder: libdasm-1.5
 + MD5: f166d83ba73ae7f7f260366ba7155787
 + SHA256: 34d6c17dbb318bf2e21c6a3ae7dcc53d918ce247f1bd422b123d5e41a730a676\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting LibDASM...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing: Distorm3
 + Url: http://distorm.googlecode.com/files/distorm3.zip
 + File: distorm3.zip
 + Folder: distorm3
 + MD5: eb80e8901d4c52965b0de9ea5b7dca91
 + SHA256: 4fba8606caab377d10646953a205507a1faa184047f869cc13e62b1ebf4a1b0e\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting Distorm3...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing: Yara
 + Url: http://yara-project.googlecode.com/files/yara-1.4.tar.gz
 + File: yara-1.4.tar.gz
 + Folder: yara-1.4
 + MD5: ecc744a67482dc9d717936ccd69dc39f
 + SHA256: c040cc139030e49f736200d3a951922d417fc660cf4c81484ff1ca1a06f83952\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting Yara...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing: Yara-Python
 + Url: http://yara-project.googlecode.com/files/yara-python-1.4a.tar.gz
 + File: yara-python-1.4a.tar.gz
 + Folder: yara-python-1.4a
 + MD5: 0754dcc834c7f69ed0382d895d9a10cc
 + SHA256: 0221b6b5178edc99584fb0e082ebbc454e3e33701112f7041349e547a8aabc66\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting Yara-Python...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing: PEFile
 + Url: http://pefile.googlecode.com/files/pefile-1.2.10-102.tar.gz
 + File: pefile-1.2.10-102.tar.gz
 + Folder: pefile-1.2.10-102
 + MD5: 0047429fbd7b8bad8f5c583291b598f9
 + SHA256: 29d8b6fb4d30b1b45b801526591e8f23fb539cc059ed79d5aa34be93a9734dfe\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Extracting PEFile...
 OK
 - Installing...
 OK
 - Cleaning...
 OK

[i] Installing plugin: DriverIRP
 + Url: http://mhl-malware-scripts.googlecode.com/files/driverirp.py
 + File: driverirp.py
 + Folder: memory_plugins
 + MD5: 0696eefa51362b71606337b8d04d886f
 + SHA256: 7edf7373260462b36ac985837f28c27623e229291d7a1550334fcb2f667fc0fc\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing DriverIRP...
 OK
 - Cleaning...
 OK

[i] Installing plugin: GetSIDs
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/getsids.py
 + File: getsids.py
 + Folder: memory_plugins
 + MD5: 49353f0a48a1f9b2411439fb8a0973dc
 + SHA256: a403bfbb98d49d9a73cc0f9928994f5ed3bcbf9ef249627e1bb0b86f2c24e41b\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing GetSIDs...
 OK
 - Cleaning...
 OK

[i] Installing plugin: SSDT
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/ssdt.py
 + File: ssdt.py
 + Folder: memory_plugins
 + MD5: c820f40174bd42e77608d0415ed021c6
 + SHA256: 5760e5fba87b5fb536c0ad80ec6621bd43fa28ded8b75055380a6ac83db7f187\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing SSDT...
 OK
 - Cleaning...
 OK

[i] Installing plugin: ModDump
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/moddump.py
 + File: moddump.py
 + Folder: memory_plugins
 + MD5: a6a98d106793bf674d8276a7ca127f4c
 + SHA256: 93771efe555c99d720371a5f6556aa9c734a49d514e782e0d3ceaf097019e522\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing ModDump...
 OK
 - Cleaning...
 OK

[i] Installing plugin: VolShell
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/volshell.py
 + File: volshell.py
 + Folder: memory_plugins
 + MD5: 0012136fdef54c479eec44b7f19b5bcc
 + SHA256: e0b0b23eb00bf25b160399916004afe34da1c8ae3ebb870e901d09147f310962\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing VolShell...
 OK
 - Cleaning...
 OK

[i] Installing plugin: MalFind2
 + Url: http://mhl-malware-scripts.googlecode.com/files/malfind2.py
 + File: malfind2.py
 + Folder: memory_plugins
 + MD5: b9212ae50a800ffabfa5889bb7e3766b
 + SHA256: 8ad794435ad7a3cda7e3ec12525c781b14f5f09d6e37ffc39e5923ac07c304ec\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing MalFind2...
 OK
 - Cleaning...
 OK

[i] Installing plugin: CryptoScan
 + Url: http://jessekornblum.com/tools/volatility/cryptoscan.py
 + File: cryptoscan.py
 + Folder: memory_plugins
 + MD5: 523f67f6c19fa5637c35accef492a04b
 + SHA256: c6d97346eefe7c27cda73ed711ea3225d509c5162ae346f8fa66c6159898c9c6\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing CryptoScan...
 OK
 - Cleaning...
 OK

[i] Installing plugin: Suspicious
 + Url: http://jessekornblum.com/tools/volatility/suspicious.py
 + File: suspicious.py
 + Folder: memory_plugins
 + MD5: d751b34f2ef1713a5f599ea7fae20c1b
 + SHA256: 7941afa01e6de182c8e7452a23908be86702fa9b691dea0d56ff0a6d2bcdda43\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing Suspicious...
 OK
 - Cleaning...
 OK

[i] Installing plugin: PsTree
 + Url: http://www.pyflag.net/volatility/pstree.py
 + File: pstree.py
 + Folder: memory_plugins
 + MD5: cabf40d8fc1fc52e1a89930dec1ccec9
 + SHA256: ef2f719a3213c6e637735ad9a4a6bd04e922fa177d7c8651f4d8bd75c8cfa2c9\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing PsTree...
 OK
 - Cleaning...
 OK

[i] Installing plugin: KeyboardBuffer
 + Url: http://computer.forensikblog.de/files/volatility_plugins/keyboardbuffer.py
 + File: keyboardbuffer.py
 + Folder: memory_plugins
 + MD5: fda30c99dc701dce7a039d3de19307a3
 + SHA256: 396e72ddbda2846b301fb97b5ccf06bd250bf81a7327e514e4821ca637d6e088\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing KeyboardBuffer...
 OK
 - Cleaning...
 OK

[i] Installing plugin: OrphanThreads
 + Url: http://mhl-malware-scripts.googlecode.com/files/orphan_threads.py
 + File: orphan_threads.py
 + Folder: memory_plugins
 + MD5: 82ad2b8b5dde35f68f9ac3e9687655d6
 + SHA256: 009239a031cd53a82378a815ce81803ad3b7d4e8bd6257f34e50a5833cc0bda9\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing OrphanThreads...
 OK
 - Cleaning...
 OK

[i] Installing plugin: UsermodeHooks
 + Url: http://mhl-malware-scripts.googlecode.com/files/usermode_hooks2.py
 + File: usermode_hooks2.py
 + Folder: memory_plugins
 + MD5: 253a6885e52e39002c770e77916e7e09
 + SHA256: fae684cb49922dbf0c7920c4195876805ed591887e1b34dd590472a2a5a55de1\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing UsermodeHooks...
 OK
 - Cleaning...
 OK

[i] Installing plugin: KernelHooks
 + Url: http://mhl-malware-scripts.googlecode.com/files/kernel_hooks.py
 + File: kernel_hooks.py
 + Folder: memory_plugins
 + MD5: 01dcde71e2878b8c04cace8acd4bd06c
 + SHA256: 5911d54bb2e4802feb9cc5915dbabde395a89cbf1fd0217626112646da04e055\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing KernelHooks...
 OK
 - Cleaning...
 OK

[i] Installing plugin: IDT
 + Url: http://mhl-malware-scripts.googlecode.com/files/idt.py
 + File: idt.py
 + Folder: memory_plugins
 + MD5: 1890882ec273bf0036e9fb1aa4ea17e5
 + SHA256: 4ea358826d4f284f8f669a7bbddf4a6048c0fe3e83f98f973525cd1172d28b35\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing IDT...
 OK
 - Cleaning...
 OK

[i] Installing plugin: Lists
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/lists.py
 + File: lists.py
 + Folder: forensics/win32
 + MD5: 7d7e7cd7b9d8f12773c057b402f79650
 + SHA256: 793b9a77a6b04c941c870cb4d22f3d8a9447a0431aaa954da04b4fcdee5dc140\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing Lists...
 OK
 - Cleaning...
 OK

[i] Installing plugin: ThreadQueues
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/threadqueues.py
 + File: threadqueues.py
 + Folder: forensics/win32
 + MD5: 1dc40cd5987dfd55f4146721d978416f
 + SHA256: 4e370bfb29f673373ea1cc36991b42457894d12a1eb8df720e8ef040484d9d0e\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing ThreadQueues...
 OK
 - Cleaning...
 OK

[i] Installing plugin: VolRIP
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/volrip-0.1.zip
 + File: volrip-0.1.zip
 + Folder: ./
 + MD5: 96b15dc1bcd1bd1f2782d38645dc5af9
 + SHA256: dc1b6bd109e813c3bd831c53955ae1401e181221ce3ffcfacc4fffb3b964b820\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing VolRIP...
 OK
 - Cleaning...
 OK

[i] Installing plugin: VolREG
 + Url: http://www.cc.gatech.edu/~brendan/volatility/dl/volreg-0.6.zip
 + File: volreg-0.6.zip
 + Folder: ./
 + MD5: 75d5e4f686082799d961641ebcd17bbd
 + SHA256: b361f0d516baf5e60c1048b5416a899365ac1824631390a962d5d258c10585b4\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing VolREG...
 OK
 - Cleaning...
 OK

[i] Installing plugin: FileObjScan
 + Url: http://computer.forensikblog.de/files/volatility_plugins/volatility_fileobjscan-current.zip
 + File: volatility_fileobjscan-current.zip
 + Folder: ./
 + MD5: 11a0a12f5d6ed31872daa6660446eb1c
 + SHA256: d8963851b4286b7fda5e9902ab176c49e1afb107dac8629046db6dfaedfc3653\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing FileObjScan...
 OK
 - Cleaning...
 OK

[i] Installing plugin: SymLinkScan
 + Url: http://computer.forensikblog.de/files/volatility_plugins/volatility_symlinkobjscan-current.zip
 + File: volatility_symlinkobjscan-current.zip
 + Folder: ./
 + MD5: e62dac146336e6f79ca89ca07061730c
 + SHA256: 7215b1977d7a6e9bfc44056c1becf41a7dc230a8ef14df5d260026fb5e600518\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing SymLinkScan...
 OK
 - Cleaning...
 OK

[i] Installing plugin: MutantScan
 + Url: http://computer.forensikblog.de/files/volatility_plugins/volatility_mutantscan-current.zip
 + File: volatility_mutantscan-current.zip
 + Folder: ./
 + MD5: c0571785cdea36f40416594b6e6134e4
 + SHA256: 080a8aa43cbd445c716c1b46a9c97c326d92bf8c3953eadea65cd9b7e677285e\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing MutantScan...
 OK
 - Cleaning...
 OK

[i] Installing plugin: ObjTypeScan
 + Url: http://computer.forensikblog.de/files/volatility_plugins/volatility_objtypescan-current.zip
 + File: volatility_objtypescan-current.zip
 + Folder: ./
 + MD5: 6ae2673cdaf7a0f2249db6f9dcc4b0a3
 + SHA256: 00b5b98bc2d6449a2106d42f208176360488d0da2b203c14c4c6ad66ef3e46a0\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing ObjTypeScan...
 OK
 - Cleaning...
 OK

[i] Installing plugin: DriverScan
 + Url: http://computer.forensikblog.de/files/volatility_plugins/volatility_driverscan-current.zip
 + File: volatility_driverscan-current.zip
 + Folder: ./
 + MD5: 02da6e69c983a9c2d5f5334da60f9d68
 + SHA256: 4384bbf66af9169986bacca75fbaf75d15c7006f4250b187f9b7ef94ebcad095\n

 - Downloading...
 OK
 - Verifing checksums...
 OK
 - Installing DriverScan...
 OK
 - Cleaning...
 OK

[+] Finished! You can check installation logs in /usr/home/sch3m4/install.volatility/logs_martes.05-03-11.01-40-33
[[email protected] ~/install.volatility]$

Hecho esto se habrá creado el script /usr/bin/volatility con el que podemos invocar a volatility desde cualquier directorio:

[[email protected] /tmp]$ volatility 

 Volatile Systems Volatility Framework v1.3
 Copyright (C) 2007,2008 Volatile Systems
 Copyright (C) 2007 Komoku, Inc.
 This is free software; see the source for copying conditions.
 There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

 usage: volatility cmd [cmd_opts]

 Run command cmd with options cmd_opts
 For help on a specific command, run 'volatility cmd --help'

 Supported Internel Commands:
 connections        Print list of open connections
 connscan           Scan for connection objects
 connscan2          Scan for connection objects (New)
 datetime           Get date/time information for image
 dlllist            Print list of loaded dlls for each process
 dmp2raw            Convert a crash dump to a raw dump
 dmpchk             Dump crash dump information
 files              Print list of open files for each process
 hibinfo            Convert hibernation file to linear raw image
 ident              Identify image properties
 memdmp             Dump the addressable memory for a process
 memmap             Print the memory map
 modscan            Scan for modules
 modscan2           Scan for module objects (New)
 modules            Print list of loaded modules
 procdump           Dump a process to an executable sample
 pslist             Print list of running processes
 psscan             Scan for EPROCESS objects
 psscan2            Scan for process objects (New)
 raw2dmp            Convert a raw dump to a crash dump
 regobjkeys         Print list of open regkeys for each process
 sockets            Print list of open sockets
 sockscan           Scan for socket objects
 sockscan2          Scan for socket objects (New)
 strings            Match physical offsets to virtual addresses (may take a while, VERY verbose)
 thrdscan           Scan for ETHREAD objects
 thrdscan2          Scan for thread objects (New)
 vaddump            Dump the Vad sections to files
 vadinfo            Dump the VAD info
 vadwalk            Walk the vad tree

 Supported Plugin Commands:
 cachedump          Dump (decrypted) domain hashes from the registry
 cryptoscan         Find TrueCrypt passphrases
 driverirp          Print driver IRP function addresses
 driverscan         Scan for driver objects
 fileobjscan        Scan for file objects
 getsids            Print the SIDs owning each process
 hashdump           Dump (decrypted) LM and NT hashes from the registry
 hivedump           Dump registry hives to CSV
 hivelist           Print list of registry hives
 hivescan           Scan for _CMHIVE objects (registry hives)
 idt                Print Interrupt Descriptor Table (IDT) entries
 kernel_hooks       Locate IAT/EAT/in-line API hooks in kernel space
 keyboardbuffer     Print BIOS keyboard buffer
 lsadump            Dump (decrypted) LSA secrets from the registry
 malfind2           Detect hidden and injected code
 moddump            Dump loaded kernel modules to disk.
 mutantscan         Scan for mutant (mutex) objects
 objtypescan        Scan for object type objects
 orphan_threads     Find kernel threads that don't map back to loaded modules
 printkey           Print a registry key, and its subkeys and values
 pstree            
 ssdt               Display SSDT entries
 suspicious         Find suspicious command lines and display them
 symlinkobjscan     Scan for symbolic link objects
 usermode_hooks     Locate IAT/EAT/in-line API hooks in user space
 volshell           Shell in the memory image

 Example: volatility pslist -f /path/to/my/file
[[email protected] /tmp]$

El archivo res.conf es el fichero del que lee los datos de las dependencias y plugins el script de instalación, por lo que para cambiar una versión por otra y/o agregar o eliminar plugins basta con editar este archivo.

Más información en el blog de Juan Garrido.

Solucionario Reto Panda Security #1-#3

May 6th, 2009 No comments

Para tenerlo más accesible y organizado, aquí tenéis los enlaces a los posts con las soluciones:

Solucion Reto 1AbsshA
Solucion Reto 2 – Guan & AbsshA
Solucion Reto 3RoMaNSoFt

Categories: Ing. Inversa, MS Windows, Programacion, Retos Tags:

Reto Panda Security #3 (Solucion – Actualizado)

May 5th, 2009 No comments

Esta vez ha sido RoMaNSoFt el autor de la documentación a la solución del reto 3.

Descarga

Actualizado:

Solucion Reto 1
Solucion Reto 2

Categories: Ing. Inversa, MS Windows, Programacion, Retos Tags:

Reto Panda Security #2 (Solucion – Actualizado)

May 5th, 2009 No comments

Esta vez han sido Guan y AbsshA, de CracksLatinos quienes han redactado la documentación del reto, resuelto por los miembros de CracksLatinos.

Mirror 1
Mirror 2

Atualizado:

Solucion Reto 1
Solucion Reto 3

Categories: Ing. Inversa, MS Windows, Programacion, Retos Tags:

Reto Panda Security #1 – Solucion (Actualizado II)

April 3rd, 2009 No comments

Así es, a demás de solucionarlo, AbsshA ha escrito un paper documentando el reto.

Descargar

Actualizado:

Otro documento explicativo sobre la resolución del reto ha sido publicado por Thor, dividido en tres partes:

http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda.html
http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda-ii-parte.html
http://el-blog-de-thor.blogspot.com/2009/04/solucion-al-reto-1-de-panda-iii-parte.html

Atualizado II:

Solucion Reto 2
Solucion Reto 3

Categories: Ing. Inversa, MS Windows, Programacion, Retos Tags: