{"id":862,"date":"2012-04-15T15:59:12","date_gmt":"2012-04-15T15:59:12","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=862"},"modified":"2016-03-28T23:18:21","modified_gmt":"2016-03-28T23:18:21","slug":"update","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2012\/04\/15\/update\/","title":{"rendered":"Update"},"content":{"rendered":"<p>It&#8217;s been a while since I wrote anything here. This is due to me being on holidays and moving to a new place right after coming back. I finally settled down in a new apartment and looking forward to play with some new ideas.<\/p>\n<p>So, here is a short update:<\/p>\n<ul>\n<li>I fixed a silly bug in <a title=\"HAPI \u2013 API extractor\" href=\"https:\/\/www.hexacorn.com\/blog\/2012\/03\/03\/hapi-api-extractor\/\">HAPI<\/a> &#8211; I mixed up CR &amp; LF characters in the output and it looked awkward to say the least, not to mention potential parsing issues; Thx to Pedro L. for spotting this and notifying me<\/li>\n<li>HAPI may occasionally print some strings that look like non-API, e.g. &#8216;version&#8217;; this is not a bug, but a feature \ud83d\ude09 it turns out that there is such an API exported by one of the Microsoft DLLs ; since I don&#8217;t want to miss any API, I made a trade off and include all of them; still&#8230; I use some little heuristics to prevent printing many of them, but some of them will sometimes go through; so, please always verify the output manually; and for the curious &#8211; some Microsoft programmers decided to name certain APIs using one, or two characters; I dunno why do you do stuff like this, but there are legitimate system DLLs exporting functions named &#8216;u&#8217;, &#8216;vo&#8217;, etc.<\/li>\n<\/ul>\n<ul>\n<li>Discovered recently that Symantec&#8217;s VBN files can be encrypted not only with 0x5A, but also 0xA5; these files are still handled by <a title=\"DeXRAY \u2013 simple XORcarver\" href=\"https:\/\/www.hexacorn.com\/blog\/2012\/01\/05\/dexray-simple-xorcarver\/\">DeXRAY<\/a> since it relies on a XRAYS technique that searches and extracts encrypted executables without needing to know a specific key; but if you parse VBN files yourself, knowing that 0xA5 is being used may help you to save some time<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s been a while since I wrote anything here. This is due to me being on holidays and moving to a new place right after coming back. I finally settled down in a new apartment and looking forward to play &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2012\/04\/15\/update\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[28,15,12,21,19,4,46,9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/862"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=862"}],"version-history":[{"count":6,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/862\/revisions"}],"predecessor-version":[{"id":3583,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/862\/revisions\/3583"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}