Category Archives: Update

Preparing a bugfix version of CFF Explorer

Posted on October 25, 2012 by Daniel Pistelli

It has been many years since the last update of what had started as a hobby side-project when I was 19. I’m sorry that I haven’t updated the CFF for such a long time, given that thousands of people use … Continue reading

Posted in News, Update | Tagged | 28 Comments

CFF Explorer 7.9 & Secunia

Posted on August 13, 2010 by Daniel Pistelli

Today I’ve received a Secunia report email about a buffer overflow vulnerability in the CFF Explorer. I was quite amused =). I mean, I usually get emails sent me by users about bugs in the CFF, never got an email … Continue reading

Posted in Update | Tagged | 6 Comments

Rebel.NET & Phoenix Protector Update

Posted on July 7, 2010 by Daniel Pistelli

Both suffered from a bug where they’d fail in case the assembly to reproduce/protect didn’t have a .rsrc section. Since at the time I wrote the code all .NET assemblies had a .rsrc section, I took it for granted and … Continue reading

Posted in Update | Tagged , | 4 Comments

CFF & Rebel.NET Update

Posted on April 1, 2010 by Daniel Pistelli

Fixed some bugs in both applications. In particular, made some part of the CFF Explorer more robust. The current CFF Explorer still contains the core I wrote when I was 19yo. The newer kernel, which I don’t know if I’ll … Continue reading

Posted in Update | Tagged , | Leave a comment

CFF Explorer update: scripting arguments

Posted on November 1, 2009 by Daniel Pistelli

Arguments can now be passed through command line just by making them follow the name of the script. E.g.: “CFF Explorer.exe” “C:\mydir\script.cff” arg1 arg2 “arg 3″ To access the arguments from the scripting part you can use the global variables … Continue reading

Posted in Update | Tagged | Leave a comment

Filter Monitor 1.1.0: filter restore

Posted on October 21, 2009 by Daniel Pistelli

Uploaded the new version of this little utility. Fixed some bugs (nothing serious). Now it has the capability to restore some types of filters that the user unregister. Basically, it can restore Create Process, Thread and Load Image callbacks.

Posted in Update | Tagged | 2 Comments

Explorer Suite update

Posted on October 21, 2009 by Daniel Pistelli

CFF Explorer: Improved support for tiny PEs. Fixed a bug in the Exception Directory which was due to the grid set up. Task Explorer: Fixed a minor bug on x64. Added the Driver List tool.

Posted in Update | Tagged , | 7 Comments

CFF Explorer bug-fix

Posted on September 30, 2009 by Daniel Pistelli

Fixed a bug reported by icy. It was causing crashes in executables without sections when calculating their PE size.

Posted in Update | Tagged | 6 Comments

.NET MetaData Tables Reports

Posted on May 30, 2009 by Daniel Pistelli

I updated the scripting language of the old CFF Explorer which now provides a function to automatically create reports of .NET metadata tables. The function is called LogPrintStruct and is to be used along with the logging functions the scripting … Continue reading

Posted in News, Programming, Update | Tagged , , | Leave a comment

Data Execution Prevention (NX) flag

Posted on April 10, 2009 by Daniel Pistelli

As you probably know the DEP (Data Execution Prevention) was introduced in XPSP2 and it prevents code to be executed from data sections. Let’s consider this code snippet: unsigned char b = 0xC3; // ret int _tmain(int argc, _TCHAR* argv[]) … Continue reading

Posted in Update | Tagged , | Leave a comment