Ghidra

---

‐ 安裝環境
‐ Build Ghidra
‐ 如何設定UI Scale成兩倍大
⊕ Pyhidra
    ‐ 安裝環境
    ‐ EntryPoint
⊕ Python
    ‐ EntryPoint

IDA Pro

---

⊕ Python
    ∗ Hello, world!
    ⊕ x86
        ∗ Get Register Name
⊕ IDC
    ∗ Hello, world!
    ∗ Dump Memory To File
    ⊕ x86
        ∗ Entry Point
        ∗ Start Address
        ∗ Get Label Name
        ∗ Define Function
        ∗ Get Operand Type
        ∗ Disassembly Line
        ∗ Get DWORD Binary
        ∗ Get Operand Value
        ∗ Get Next Instruction
        ∗ Get Mnemonics、Operand
        ∗ Global、Local Variable
⊕ SDK v6.4
    ∗ Rebuild
    ⊕ Loader
        ∗ Build nesldr
        ∗ Build ida-snes-ldr
    ⊕ Plugins
        ∗ Build bankswitch
        ∗ Build Hello world!
⊕ SDK v6.8
    ∗ Debug ROM(NES)
    ∗ Debug ROM(SMD)
    ∗ Debug ROM(DOSBox)
⊕ SDK v7.3
    ∗ Rebuild
∗ Tracing function
∗ Patch License(v7.3)
∗ 如何顯示OPCode
∗ 如何Rebase Image Base
∗ 如何輸出Graph overview
∗ 如何關閉Local Variable解析
∗ 如何關閉Auto Hide Function功能

OllyDbg

---

∗ JMP $
∗ 快速鍵
∗ Obfuscation
∗ 逆向MFC編譯的程式
∗ 解決"GetProcessImageFileNameW could not ..."問題

病毒樣本分析

---

⊕ DOC
    ∗ 3ea648fe161d27a22d68cd8d6ee6b37294532e82
⊕ XLS 4.0
    ∗ 3fb082368a8062316976fdfeeceae130d98a3247
∗ 如何製作TLS PE檔案
∗ 如何製作XLS 4.0檔案
∗ 如何製作AutoRun PDF檔案
∗ 解決"loadlocale.c:129: _nl_intern_locale_data: Assertion"問題
∗ 解決"convert-im6.q16: attempt to perform an operation not allowed by the security policy"問題

GDB

---

∗ eu-unstrip
∗ Dump Process
∗ Load Symbol File
∗ Wait for Process
∗ 解決"ptrace: Operation not permitted"問題

Game Boy Color

---

    ⊕ Hack ROM
        ∗ Tintin in Tibet(丁丁在西藏)

FCEUX

---

⊕ 讓NES遊戲支援振動功能
    ∗ Register
    ∗ 移植FCEUX(支援振動)
    ⊕ Hack ROM
        ∗ Mighty Final Fight(街頭快打)
        ∗ Ninja Ryukenden III(忍者龍劍傳3)
∗ Debug ROM
∗ Patch Sprite(ASCII)
∗ Patch Sprite(Index)

DOSBox

---

∗ Debug ROM

MAME

---

∗ Debug ROM
    ⊕ KOF97
        ∗ P2被打的斷點