Flag: Tornado! Hurricane!

About OpenRCE

Founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on the architecture of Greg Hoglund's rootkit.com, OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums articles and more.

This website was written entirely from scratch and designed in a highly modular fashion to accommodate rapid growth and development of new features. As such, users are encouraged to contact site admins regarding feature requests and suggested additions. Special thanks to Ralph Schindler, Peter Silberman, Jamie Butler, Andrew Hintz, Ero Carrera, Quig and Dennis Elser for their help in getting OpenRCE off the ground.

Site Features

Articles: Full length articles with varying audiences are published through the site. Registered users have the benefit of commenting on articles as well as viewing a printer friendly version. If you wish to publish an article on OpenRCE please contact Pedram.

Book Store: The OpenRCE bookstore is linked through Amazon.com and lists a number of books with direct relevance to the field of reverse engineering. Registered users have the capability of adding reviews to listed books. Five percent of each purchase made through the site comes back to help pay for bandwidth and server costs.

Distributed RCE: Listing and management of IDA/Olly Sync servers for the purpose of uniting reverse engineers analyzing the same target. Currently this portion of the site serves as a central server list. IDA/Olly Sync is being re-written as "RE-Sync" that upon completion will have a dedicated server running on OpenRCE. Once established, an interesting experiment may be an attempted mass speed reverse engineering of newly discovered malicious binaries.

Downloads: OpenRCE hosts categorized downloads including IDA scripts/plugins, OllyDbg scripts/plugins and more. Registered users have the opportunity to link hosted downloads to their personal profile allowing them to make changes to the entry. Registered users with user level >= to two have the ability to upload files to a web repository that is also accessible through the downloads section.

Event Calendar: The OpenRCE event calendar contains a list and Google map of upcoming conferences, including their CFP deadline, location and other general notes about the venue. The entire list of future events is also available in a single .ICS file for integration into whatever desktop calendaring system you may use. If you have an event you want to add to the event calendar please contact any of the admins.

Forums: Top-level forum's exist for discussing a number of topics ranging from reverse engineering tools to targets. Forums can be locked to specific users levels as well as invite-only lists. Forums are broken down into topics which contains posts. Topics and posts are editable by users post creation to allow for simple fixes in content / presentation.

Live Discussion: A hosted Java applet provides registered users with access to the #openrce channel on irc.freenode.net.

Reference Library: The reference library contains a number of custom crafted reference materials as well as a collection of other publicly available materials..
  • IDA SDK Reference Manual: Modeled off of the PHP documentation system. Each function, structure, etc... within the IDA SDK has it's own page complete with definition, example usage, caveats and user entered notes.
  • Packer Analysis Database: A centralized location containing the analysis of various executable packers and known unpacking methods.
  • Win32 Call Chains: An interactive interface to the function call trees of various Microsoft Windows Dynamic Link Libraries (DLLs). An experimental visualization is currently featured as well.
  • Papers, Diagrams, etc...: Various papers, diagrams, etc... but custom created by OpenRCE users and otherwise collected find a home in this web repository.
  • Anti Reverse Engineering: A centralized location containing the analysis of various anti reverse engineering techniques such as anti-debugging, anti-dumping and anti-disassembly.
Users are encouraged to submit updates and corrections to the various reference library sections and in some cases can be provided direct admin rights to the requested resource.
RSS Feeds: Feeds are available for articles, blog entries, downloads, forums topics / posts, site updates as well as private messages. In order to access private RSS feeds such as the messages feed, it is required that you set your RSS "secret key" under your profile preferences. This "key" is used to authenticate your username with the requested feed.

Search: A rudimentary site search functionality is available for searching through articles, forums and downloads. Alternatively, a Google site specific search form is also available.

Users: The users page includes a directory of all OpenRCE users, site admins, the last 5 recently registered and per country user statistics. Registered users have the option to view a Google map containing plotted points for users who specified their latitude / longitude coordinates under their site profile.

What's New: The "What's New" page is accessible only to registered users and displays all of the site-wide content changes that have occurred since your last successful login.

User Features

A number of personalized features are available to registered users. These features are accessible from the top-center navigation menu.

Edit Profile: This is where you can change your password and contact information. Specify a country to represent your country of origin in the user statistics as well as include your countries flag in numerous locations. Your contact information is only available to other registered users, preventing search engines and spam harvesters from gleaning your personal information. Furthermore, your e-mail address is never displayed in plain text; rather it is "image" obfuscated a technique we came up with where we simply replace the "at" and "dot" characters in your e-mail address with images. If you enter latitude and longitude information, you will show up in the Google map accessible from the users page within 24 hours. You have the option to remain invisible in the "active in last 5 minutes" right column panel by specifing. Finally, set an RSS "secret" key to enable personalized and private RSS feeds such as private messaging.

Blog: You can create, edit and delete blog entries on OpenRCE. Users with user level >= 2 can upload images to their repository for linking into the blog. It is recommended that you prefix all blog related entries in your repository with "blog_" so as to separate blog files from regular files. A DHTML popup accessible on the mouse-over of the '?' icon located next to the main content text area outlines the available OpenRCE pseudo tags for managing presentation within your blog entries. If you host a blog externally and would like to have it imported and merged into OpenRCE let one of the admins know and you may be enrolled into the beta period of the blog importer.

Repository: Users with level >= 2 have access to a personal web file repository. Files hosted in the repository are stored in a web path accessible from anywhere on the web. Do not abuse this feature.

Messages: All registered users have the capability of sending / receiving private messages from one another. To receive notification when new private messages are awaiting your response without having to log into the site, set up an RSS secret key in your user profile and add the relevant RSS feed to your favorite reader.

Pseudo Tags: Text formatting pseudo tags (similar to bbcode for those of you who are familiar with that) are available throughout the site. This includes messages, blog entries, forum topics and posts etc... A quick reference on the available tags is available through a DHTML popup over the icons. Here is what's currently available:
    URLs:
        [url]http://www.example.com[/url]
        [url=http://www.example.com]descriptive text[/url]

    Text Formatting:
        [b]bold text[/b]
        [i]italicized text[/i]
        [u]underline text[/u]

    Position Control:
        [center]centered items[/center]

    Images:
        [img]http://www.example.com/image.gif[/img]
        [imgleft]http://www.example.com/left_aligned.gif[/img]
        [imgright]http://www.example.com/right_aligned.gif[/img]

    Code:
        [code]int main (void) {...}[/code]

Editing Posted Content: Forum topics, posts, blog comments, article comments and other content that you post to the site can more then likely be edited or erased. Keep an eye out for icons such as for editing and for deleting.

Site Updates in Development
- Alternative color themes.
- Click-to-sort download column headers.
- Customizable timezones.
- Distributed RCE overhaul (this will be cool).
- Password reset feature.
- Windows Native API (NDK) reference section.
- Page listing the most "popular" forum topics, blog entries and articles.
Have an idea? Let one of the admins know.

There are 31,320 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

oleavr
Jun/25
Build a debugger in 5 minutes

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit