Reverse Engineering, Memory Hacking and Software Protection

Learn how to reverse, debug and patch packed programs - without unpacking - by using Cheat Engine

4.70 (131 reviews)
Udemy
platform
English
language
Network & Security
category
instructor
37,829
students
2 hours
content
Feb 2024
last update
$34.99
regular price

What you will learn

Bypass anti-debuggers

Patch Memory

Use x64dbg debugger

Using Cheat Engine

Using ScyllaHide Plugin

Using SharpOD Plugin

Using built-in hide Debugger functionality

Using Trainers (Loaders) for Process Patching

AOB Code Injection

Direct Byte Patching

ASM scripting for app hacking

LUA scripting for memory hacking

Designing Trainers (Loaders) with CE's Form Designer

Break and Trace

Modify program behaviour

Packing and Disassembling Crackmes using Popular Packers

and more...

Description

If you had always wanted to learn how to reverse and patch packed programs - without unpacking,  then this is the course for you. This course is a follow-up from the earlier course on Reverse Engineering & Memory Hacking. It is the practical application of what you have learnt in the first course. If you think that packing and anti-debugging is good enough to prevent reverse engineering, then you may be in for a surprise. In this course, I will show you how to test the effectiveness of several popular packers by packing crackmes and then reversing them - without unpacking.

Traditionally packed programs are unpacked before debugging is carried out. This is because a packed program's file cannot be patched. Much of software protection has centered on making it difficult to unpack programs. However,  the important question is: how effective is packing, obfuscation and anti-debugging as a means to prevent reversing? This course explores several packers to find the answers.

We will do the analysis using a tool called Cheat Engine, which is a prominent tool used by game hackers. This tool could also be used to study and analyze packed program's processes that is running in memory. You will learn how to perform debugging in spite of anti-debugging being implemented. There is no need to unpack and dump memory.  Instead of unpacking and then patching the dumped files and fixing IAT (Import Address Table) tables,  we will write scripts to hack memory using byte patching using an advanced technique called AOB (Array-Of-Bytes) Injection, by injecting code into code caves (inline memory patching).  In this course you will learn how to do all of the above and more.

At the end of this course you will be able to gauge the effectiveness of software packers, obfuscation and anti-debugging protection and also to have a good idea of how to implement extra countermeasures to improve the security of software.

In all the practical exercises and walkthroughs, we will use Crackme's which I have written. You will learn how to pack them using several popular packers and then hack them using Cheat Engine.


What you will learn

  • How to set hardware breakpoints and debug packed programs in spite of anti-debugging protection

  • Doing Break and Trace to identify Algorithms for reversing

  • Identifying addresses to do memory patching

  • Writing custom trainers (loaders) using Cheat Engine to hack and patch memory

  • Modify program behavior

  • Process Patching programs

  • Creating Lua Scripts for process patching

  • Test the effectiveness of Anti-Debugging technology

  • Packing crackmes using popular packers

  • Hack the packed crackmes and patch their memory during runtime

Prerequisites:

  • Before taking this course, you should preferably be already familiar with how to use x64dbg and Cheat Engine

  • Windows PC

  • Some knowledge of Assembly would be useful but not compulsory

So, go ahead and enroll now and I will see you inside!

Content

Introduction

Introduction

Basics of Memory Hacking

Introduction to Memory Hacking
Basic Technique to Bypass UPX
Basic Technique to Bypass Anti-Debug Protection

Using and Evaluating VMP Protect

Basic Bypass
Bypassing Kernel Level AntiDebug
Creating a Custom Memory Hacker (Trainer)

Using and Evaluating Enigma

Installing Enigma and packing a crackme
JMP Memory Hack
Creating a Custom Memory Hacker

Using and Evaluating Themida Code Virtualizer

Download Install and Pack a Crackme
Bypassing Using String Search
Bypass Using Memory Scanning
Creating a Trainer

Resources For Further Study

Bonus Lecture

Screenshots

Reverse Engineering, Memory Hacking and Software Protection - Screenshot_01Reverse Engineering, Memory Hacking and Software Protection - Screenshot_02Reverse Engineering, Memory Hacking and Software Protection - Screenshot_03Reverse Engineering, Memory Hacking and Software Protection - Screenshot_04

Reviews

Matija
November 13, 2023
The course was easy to follow. I was using Cheat Engine to track down simple numbers/values/strings and just change their value. I learned a LOT from this. Really good presentation.
Stuart
June 19, 2023
Worth $10? Yes. Some interesting things learned, but, towards the end with building custom memory hackers, it was a repeat. I do feel Paul has valuable information, but it could be more valuable if he dove deeper.
Droi
March 24, 2023
As always. The instructor cares for the students. Takes trouble to explain things clearly so that newbies can follow along. Love all his courses!
Ievgen
July 26, 2022
Quite interesting if you have never seen before the cheat engine and the target is not protected with virtualized code.
Bruno
July 7, 2022
Another great course from Paul ! In this course he'll show how to protect a crackme with diferente tools and how cheat engine is able to bypass them. Needless to say, Paul is atentious and caring with his students. I highly recommend this course :)
Balazs
February 6, 2022
The training teaches one use-case for a tool, and then it repeats the same thing over and over again. Good if you are interested how to use this tool for solving crackmes, but don't expect to understand what you are doing if you are not already experienced with reversing a bit.
Saail23
December 25, 2021
i buyed this course but i want videos how to crack login C++ console imgui with xdbg ce aob injection
Michael
July 5, 2021
Good and practical course with CE. Only critique would be that it felt a bit like the bypasses for each packer were too similar. There wasn't anything really new in each lesson. For example creating the trainers was exactly the same with every example. The only thing that was noticeably different was using the actual packers.
Ricardo
April 14, 2021
The techniques shown in this course are clever and easy to execute. As a malware analyst, being able to analyze a Themida packed binary without unpacking it is unvaluble!

Coupons

DateDiscountStatus
3/21/202175% OFF
expired
4/2/2021100% OFF
expired
5/8/202175% OFF
expired
9/29/2021100% OFF
expired
12/4/202175% OFF
expired
1/6/202275% OFF
expired
1/16/2022100% OFF
expired
2/12/2022100% OFF
expired
3/4/2022100% OFF
expired
4/18/202275% OFF
expired
7/20/202275% OFF
expired
7/30/202275% OFF
expired
8/5/202275% OFF
expired
8/18/202275% OFF
expired
9/25/202275% OFF
expired
10/6/202275% OFF
expired
10/26/202275% OFF
expired
11/7/202275% OFF
expired
12/14/202275% OFF
expired
1/3/202388% OFF
expired
3/2/2023100% OFF
expired
3/24/2023100% OFF
expired
4/2/2023100% OFF
expired
4/14/2023100% OFF
expired
4/26/2023100% OFF
expired
5/2/2023100% OFF
expired
5/13/2023100% OFF
expired
5/21/2023100% OFF
expired
6/24/2023100% OFF
expired
7/2/2023100% OFF
expired
7/11/2023100% OFF
expired
7/28/2023100% OFF
expired
8/3/2023100% OFF
expired
8/28/2023100% OFF
expired
9/2/2023100% OFF
expired

Charts

Price

Reverse Engineering, Memory Hacking and Software Protection - Price chart

Rating

Reverse Engineering, Memory Hacking and Software Protection - Ratings chart

Enrollment distribution

Reverse Engineering, Memory Hacking and Software Protection - Distribution chart
3790370
udemy ID
1/21/2021
course created date
3/21/2021
course indexed date
Bot
course submited by