HITB 2011 CTF – Reversing Vectored Exception Handling (VEH) | Corelan Cybersecurity ResearchCorelan Cybersecurity Research

HITB 2011 CTF – Reversing Vectored Exception Handling (VEH)

Published April 3, 2011 |

Introduction

Today we will have a look at a CTF binary from HITB pre qualifications CTF 2011:

http://conference.hackinthebox.org/hitbsecconf2011ams/?p=1333

This is an interesting binary to reverse because Vectored Exception Handling (VEH) was used in the challenge. As this was new to me, I documented how it works and wanted to share a short reversing write-up of the binary.

You can download the binary (windows_challenge.exe) here

Thanks to skier_ and the HITB crew for generating such an awesome CTF binary.

Come along………..and enjoy!

Fancy

Note: I used windows XP SP3 so maybe the addresses here in this video may differ from the addresses on your box.

Video

You can watch a full screen version here or download the video here

Interesting links:

http://msdn.microsoft.com/en-us/magazine/cc301714.aspx
http://msdn.microsoft.com/en-us/library/ms681420%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms679274%28v=vs.85%29.aspx

Posted in 001_Security, Malware and Reversing, Uncategorized | Tagged -exploit-handler-part-6-1, 2011-hitb, corelan, ctf, ctf-hitb, ctf-reversing-unsolved-binaries, debug, exception, fancy, handler, hitb, hitb-2011, hitb-2011-ctf, hitb-2011-schedule, reversing-ctf, vectored, vectored-exception-handling, vectored-exception-handling-exploiting, vectoredexceptionhandle, veh

Corelan Cybersecurity Research

:: Knowledge is not an object, it's a flow ::