Comments on: Analysing malicious PDF documents and shellcode http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/ A chapter of the Honeynet Project Wed, 26 May 2010 10:55:40 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: cobalt http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-732 cobalt Wed, 26 May 2010 10:55:40 +0000 http://www.honeynor.no/?p=41#comment-732 great! in the emacs, it was the python mode! thx a lot! keep up the good work! great! in the emacs, it was the python mode! thx a lot! keep up the good work!

]]> By: mkrakvik http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-731 mkrakvik Wed, 26 May 2010 08:57:12 +0000 http://www.honeynor.no/?p=41#comment-731 I don't have anything custom in .emacs file. Is python-mode (M-x python-mode) enabled in your emacs? I don’t have anything custom in .emacs file. Is python-mode (M-x python-mode) enabled in your emacs?

]]> By: cobalt http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-729 cobalt Wed, 26 May 2010 08:38:57 +0000 http://www.honeynor.no/?p=41#comment-729 Thx for your reply, mkrakvik. I tried it in the emacs, but i didn't get the result i wish with ctrl + i. in your video, you get the following when indenting the value in hashes: first the code looks like this: 1 hashes = [0x0000, 2 0000, 3 0000] and after one move in the 2nd line: 1 hashes = [0x0000, 2 0000, 3 0000] i have to click three times ctrl + i, to tet to this position. maybe you have some configs in your .emacs file? thx you very much for the help! i saw this one-move array indenting the first time in your video and search now some days for a shortcut in vim... cobalt Thx for your reply, mkrakvik.

I tried it in the emacs, but i didn’t get the result i wish with ctrl + i. in your video, you get the following when indenting the value in hashes:

first the code looks like this:
1 hashes = [0x0000,
2 0000,
3 0000]

and after one move in the 2nd line:
1 hashes = [0x0000,
2 0000,
3 0000]

i have to click three times ctrl + i, to tet to this position.

maybe you have some configs in your .emacs file?

thx you very much for the help! i saw this one-move array indenting the first time in your video and search now some days for a shortcut in vim…

cobalt

]]> By: mkrakvik http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-728 mkrakvik Tue, 25 May 2010 22:06:15 +0000 http://www.honeynor.no/?p=41#comment-728 Hi Cobalt, glad you enjoyed the video! Regarding indentation in emacs - that is done by pressing "ctrl-i" :-) Hi Cobalt, glad you enjoyed the video! Regarding indentation in emacs – that is done by pressing “ctrl-i” :-)

]]> By: c0b4lt http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-727 c0b4lt Tue, 25 May 2010 21:23:15 +0000 http://www.honeynor.no/?p=41#comment-727 old post, but very informativ and good video! i have a question not concerning the main topic. but i'm wondering how you did the indenting in the emacs for the hashes. I mean, how you indent the values for the hashes array. i use vim and maybe i find a solution after it. thx for the info, cobalt old post, but very informativ and good video!

i have a question not concerning the main topic. but i’m wondering how you did the indenting in the emacs for the hashes. I mean, how you indent the values for the hashes array. i use vim and maybe i find a solution after it.

thx for the info,

cobalt

]]> By: Analysing malicious PDF documents and shellcode « 0day in {REA_TEAM} http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-271 Analysing malicious PDF documents and shellcode « 0day in {REA_TEAM} Thu, 28 Jan 2010 04:02:44 +0000 http://www.honeynor.no/?p=41#comment-271 [...] Norwegian Honeynet Project » Blog Archive » Analysing malicious PDF documents and shellcode.   Leave a [...] [...] Norwegian Honeynet Project » Blog Archive » Analysing malicious PDF documents and shellcode.   Leave a [...]

]]> By: ocean’s InsecLab » Blog Archive » Analyzing a malicious pdf file http://www.honeynor.no/2008/08/24/analysing-malicious-pdf-documents-and-shellcode/comment-page-1/#comment-11 ocean’s InsecLab » Blog Archive » Analyzing a malicious pdf file Sun, 21 Dec 2008 14:35:38 +0000 http://www.honeynor.no/?p=41#comment-11 [...] shellcode is just the same as the one analyzed here. it only changes the url from where to get the malicious [...] [...] shellcode is just the same as the one analyzed here. it only changes the url from where to get the malicious [...]

]]>