Debugging MBR : IDA Pro and Bochs Emulator
This post will explain how to setup Bochs Emulator to debug MBR. I will be taking NotPetya\Petya ransomware MBR as an example.
Take dump of Physical Drive whose MBR is overwritten by NotPetya\Petya ransomware by its malicious MBR.
dd utility for windows can be used for this purpose.Command to dump the disk is as shown below.
dd.exe if=\\?\Device\Harddisk0\DR0 of=<output file path> bs=512k --size --progress
if = input file
of = output file
bs = read and write bytes at a time
Configuring Bochs Emulator.
Go to installation directory of Bochs Emulator and open file bochsrc and provide below information.
1.Disk Geometry
2.Boot Drive
Disk Geometry setting contain Cylinder,Head and Sector (CHS) value of disk.
# ATA controller for hard disks and cdroms
ata0-master: type=disk, path="winxp0.img", mode=flat, cylinders=124830, heads=16, spt=63
where path is dump of disk taken using dd utility.
Boot Drive setting contain bootable drive type.
# BOOT:
# This defines the boot sequence. Now you can specify up to 3 boot drives,
# which can be 'floppy', 'disk', 'cdrom' or 'network' (boot ROM).
boot: disk
once above settings are done run below command to verify your configuration.
bochsdbg.exe -f bochsrc -q
if no panic error is thrown that means configuration is successful.
Load the bochsrc file in IDA Pro and you will see MBR instructions.
set breakpoint on first instruction and select Debugger Local Bochs Debugger .
Take dump of Physical Drive whose MBR is overwritten by NotPetya\Petya ransomware by its malicious MBR.
dd utility for windows can be used for this purpose.Command to dump the disk is as shown below.
dd.exe if=\\?\Device\Harddisk0\DR0 of=<output file path> bs=512k --size --progress
if = input file
of = output file
bs = read and write bytes at a time
Configuring Bochs Emulator.
Go to installation directory of Bochs Emulator and open file bochsrc and provide below information.
1.Disk Geometry
2.Boot Drive
Disk Geometry setting contain Cylinder,Head and Sector (CHS) value of disk.
# ATA controller for hard disks and cdroms
ata0-master: type=disk, path="winxp0.img", mode=flat, cylinders=124830, heads=16, spt=63
where path is dump of disk taken using dd utility.
Boot Drive setting contain bootable drive type.
# BOOT:
# This defines the boot sequence. Now you can specify up to 3 boot drives,
# which can be 'floppy', 'disk', 'cdrom' or 'network' (boot ROM).
boot: disk
once above settings are done run below command to verify your configuration.
bochsdbg.exe -f bochsrc -q
if no panic error is thrown that means configuration is successful.
Load the bochsrc file in IDA Pro and you will see MBR instructions.
set breakpoint on first instruction and select Debugger Local Bochs Debugger .
I was searching for loan to sort out my bills& debts, then i saw comments about Blank ATM Credit Card that can be hacked to withdraw money from any ATM machines around you . I doubted thus but decided to give it a try by contacting {skylinktechnes@yahoo.com} they responded with their guidelines on how the card works. I was assured that the card can withdraw $5,000 instant per day & was credited with $50,000 so i requested for one & paid the delivery fee to obtain the card, i was shock to see the UPS agent in my resident with a parcel{card} i signed and went back inside and confirmed the card work's after the agent left. This is no doubts because i have the card & has made used of the card. This hackers are USA based hackers set out to help people with financial freedom!! Contact these email if you wants to get rich with this Via email skylinktechnes@yahoo.com or whatsapp: +1(213)785-1553
ReplyDelete**Contact 24/7**
DeleteTelegram > @killhacks
ICQ > 752822040
Skype > Peeterhacks
Wicker me > peeterhacks
**HIGH CREDIT SCORES SSN FULLZ AVAILABLE**
>For tax filling/return
>SSN DOB DL all info included
>For SBA & PUA
>Fresh spammed & Fresh database
**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING
CARDING CASHOUT CLONING SCRIPTING**
Fullz info included
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
High credit fullz with DL 700+
(bulk order preferable)
**Payment in all crypto currencies will be accepted**
->You can buy few for testing
->Invalid or wrong info will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff
TOOLS & TUTORIALS AVAILABLE:
"SPAMMING" "HACKING" "CARDING" "CASH OUT"
"KALI LINUX" "BLOCKCHAIN BLUE PRINTS" "SCRIPTING"
**TOOLS & TUTORIALS LIST**
=>US CC Fullz
=>Ethical Hacking Tools & Tutorials
=>Bitcoin Hacking
=>Kali Linux
=>Keylogger & Keystroke Logger
=>Bulk SMS Sender
=>Facebook & Google Hacking
=>Bitcoin Flasher
=>SQL Injector
=>Logins Premium (PayPal/Amazon/Coinbase/Netflix/FedEx/Banks)
=>Bitcoin Cracker
=>SMTP Linux Root
=>Shell Scripting
=>DUMPS with pins track 1 and 2 with & without pin
=>SMTP's, Safe Socks, Rdp's brute
=>PHP mailer
=>SMS Sender & Email Blaster
=>Cpanel
=>Server I.P's & Proxies
=>Viruses & VPN's
=>HQ Email Combo (Gmail, Yahoo, Hotmail, MSN, AOL, etc)
==>Contact 24/7<==
Telegram> @killhacks
ICQ> 752822040
Skype> Peeterhacks
Wicker me > peeterhacks
*Serious buyers are always welcome
*Big Discount in bulk order
*Offer gives monthly, quarterly, half yearly & yearly
*Hope we do a great business together
**You should try at least once**
What's Up Everyone
DeleteFresh Databases available
CC's CVV's SSN
Pros High Credit Scores 700+
Fullz/Leads with SSN+DOB+DL
Dumps
EIN Leads
Bulk HQ Emails
Office365 Emails & Logs
>>>WA/Telegram +92 317 272 1122
>>>ICQ 752822040
>>>Skype/Wickr @peeterhacks
>>>Email exploit dot tools4u at gmail dot com
Quality Tools & Tutorials available for
HACKING|SPAMMING|CARDING|SPYING|CLONING|CASH-OUTS|TRANSFERS
Legit Fullz/Pros/Leads will be provided
Bulk quantity also
Invalid stuff will be replaced/No refund
BTC & USDT payments mode
Available 24/7
Feel Free to contact Guy's
Testimony on how i received my programmed blank atm card to withdraw a maximum of $5,000 daily.
ReplyDeleteI would without reservation recommend working with ATM GENIUS LINKS, My Name is Joseph Eric. Programmed Blank Atm Card is no longer a news or a new trend I've been reluctant in purchasing this blank Atm Card all because of what i heard about it online everything seems too good to be true, But i was convinced & shocked when my friend at my place of work got a Programmed Blank Atm Card from ATM GENIUS LINKS & today we both confirmed it really works, without delay i gave it a go. Ever since then I've been able to make a with-drawer of $5,000 daily from the Programmed Atm Card. I'm so excited that ever since i ordered & paid for delivery of the Programmed Atm Card, I didn't get scammed & now i have been able to arrange my life with this Programmed Atm Card, I own a House & a business now kindly contact them today for more inquiries and enlightenment via E-mail: atmgeniuslinks@gmail.com or WhatsApp +1-781-656-7138.
Your Satisfaction is there Aim and your working with them will be of a good experience, kindly contact them today for more inquiries and enlightenment via E-mail: atmgeniuslinks@gmail.com or WhatsApp +1-781-656-7138.
PLEASE READ!!Hello Guys!!!I am Caro I live in Ohio USA I’m 32 Years old, am so happy I got my blank ATM card from Adriano. My blank ATM card can withdraw $4,000 daily. I got it from Him last week and now I have withdrawn about $10,000 for free. The blank ATM withdraws money from any ATM machines and there is no name on it because it is blank just your PIN will be on it, it is not traceable and now I have money for business, shopping and enough money for me and my family to live on.I am really glad and happy i met Adriano because I met Five persons before him and they could not help me. But am happy now Adriano sent the card through DHL and I got it in two days. Get your own card from him right now, he is giving it out for small fee to help people even if it is illegal but it helps a lot and no one ever gets caught or traced. I’m happy and grateful to Adriano because he changed my story all of a sudden. The card works in all countries that is the good news Adriano’s email address is adrianohackers01@gmail.com.
ReplyDeletePLEASE READ!!Hello Guys!!!I am Caro I live in Ohio USA I’m 32 Years old, am so happy I got my blank ATM card from Adriano. My blank ATM card can withdraw $4,000 daily. I got it from Him last week and now I have withdrawn about $10,000 for free. The blank ATM withdraws money from any ATM machines and there is no name on it because it is blank just your PIN will be on it, it is not traceable and now I have money for business, shopping and enough money for me and my family to live on.I am really glad and happy i met Adriano because I met Five persons before him and they could not help me. But am happy now Adriano sent the card through DHL and I got it in two days. Get your own card from him right now, he is giving it out for small fee to help people even if it is illegal but it helps a lot and no one ever gets caught or traced. I’m happy and grateful to Adriano because he changed my story all of a sudden. The card works in all countries that is the good news Adriano’s email address is adrianohackers01@gmail.com.
ReplyDeleteDo you need an urgent loan of any kind? Loans to liquidate debts or need to loan to improve your business have you been rejected by any other banks and financial institutions? Do you need a loan or a mortgage? This is the place to look, we are here to solve all your financial problems. We borrow money for the public. Need financial help with a bad credit in need of money. To pay for a commercial investment at a reasonable rate of 3%, let me use this method to inform you that we are providing reliable and helpful assistance and we will be ready to lend you. Contact us today by email: daveloganloanfirm@gmail.com Call/Text: +1(501)800-0690 And whatsapp: +1 (315) 640-3560
ReplyDeleteNEED A LOAN?
Ask Me.
Email: int.hackers002@gmail.com
ReplyDeleteWhatsApp: +1(765) 705-0044
-hack into any kind of phone
_Increase Credit Scores
_western union, bitcoin and money gram hacking
_criminal records deletion_BLANK ATM/CREDIT CARDS
_Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
_Security system hacking...and so much more. Contact THEM now and get whatever you want at
Prices for clone cards with their balance that we offer:
* Gold VISA- € 450 ----> Balance € 250,000 Daily withdrawal of € 1,500, validity 24 months
* Gold Mastercard- € 1,500 --- -> Balance € 325,000 Daily withdrawal of € 1,800, validity 36 months
* Platinum Visa - € 3,550 ----> Balance € 480,000 Daily withdrawal of € 2,000, validity 24 months
* Platinum Mastercard - € 5,600 ----> Balance € 620,000 Daily withdrawal of € 2,500, validity 36 months
* Infinity Visa - € 10,000 ----> Balance € 750,000 Daily withdrawal of € 3,000, validity 24 months
* Infinity Mastercard - 20,000€ ----> Balance 850,000 € Daily withdrawal of 3500 €, validity 36 months
Once payment has been made 12h to 48h in Europe and 12h to 72H worldwide
After your order will be available, at the delivery address given.
Shipping is by courier with parcel tracking within 2hrs after payment
If you order regularly with us, we guarantee that you will not miss anything in the near future.
Email: int.hackers002@gmail.com
WhatsApp: +1(765) 705-0044
Valuable info. Lucky me I found your web site by accident, and I'm shocked why this accident didn't happened earlier! I bookmarked it. mac reparieren berlin
ReplyDeleteDo you need Personal Finance?
ReplyDeleteBusiness Cash Finance?
Unsecured Finance
Fast and Simple Finance?
Quick Application Process?
Finance. Services Rendered include,
*Debt Consolidation Finance
*Business Finance Services
*Personal Finance services Help
contact us today and get the best lending service
personal cash business cash just email us below
Contact Us: financialserviceoffer876@gmail.com
call or add us on what's app +918929509036
Excellent Blog, I like your blog and It is very informative. Thank you
ReplyDeleteRPA Online Course
ReplyDeleteNice blog, very informative content.Thanks for sharing, waiting for the next update…
statistics for data science tutorial
Data Science Tutorial for Beginners
Never met any hacker as discreet and fast like this White Collar Hackers. They are called WhiteHats and they has helped me in multiple ways first was when my ex spouse cheated on me- they got me every information from my spouse phone number and now they are helping me paying my credit cards debts. They have the best hacking tools plus service any one can ever imagine and I recommend him to the world. I am thankful and grateful for the second chance. Honestly, WhiteCollar hackers are life savers please contact them here if you need their swift service Email; WhitehatspytechATcyberservicesDOTcom
ReplyDeleteWow this is awesome, very interesting article. I can imagine the energy and inspiration you have invested on this powerful combination of words. Many articles I come across these days do not really dive this deep to make it clear to their audience as you did. But believe me the way you interact is literally 100% perfect. I will instantly grab your rss feed to stay informed of any updates you make on your blog and as well take the advantage to demonstrate
ReplyDelete5 WAYS TO SPOT A FAKE DRIVERS LICENSE which many people are ignorant of when ordering fake documents online. Not over demanding I will also take the advantage to ask for your permission to join our 179.3k members TELEGRAM GROUP
to share with us your ideas or any latest update on your blog.
Thanks I am Scott from Globex, we are expecting you on our platform.
Do you need an urgent loan of any kind? Loans to liquidate debts or need to loan to improve your business have you been rejected by any other banks and financial institutions? Do you need a loan or a mortgage? This is the place to look, we are here to solve all your financial problems. We borrow money for the public. Need financial help with a bad credit in need of money. To pay for a commercial investment at a reasonable rate of 3%, let me use this method to inform you that we are providing reliable and helpful assistance and we will be ready to lend you. Contact us today by email: daveloganloanfirm@gmail.com Call/Text: +1(501)800-0690 And whatsapp: +1 (501) 214‑1395
ReplyDeleteNEED A LOAN?
Ask Me.
Very nice article and straight to the point. I am not sure if this is in fact the best place to ask but do you folks have any thoughts on where to hire some professional writers? Thanks :) mac reparieren berlin
ReplyDeleteFULLZ AVAILABLE
ReplyDeleteFresh & valid spammed USA SSN+Dob Leads with DL available in bulk.
>>1$ each SSN+DOB
>>3$ each with SSN+DOB+DL
>>5$ each for premium fullz (700+ credit score with replacement guarantee)
Prices are negotiable in bulk order
Serious buyer contact me no time wasters please
Bulk order will be preferable
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
OTHER STUFF YOU CAN GET
SSN+DOB Fullz
CC's with CVV's (vbv & non-vbv)
USA Photo ID'S (Front & back)
All type of tutorials available
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)
SMTP Linux Root
DUMPS with pins track 1 and 2
WU & Bank transfers
Socks, rdp's, vpn
Php mailer
Sql injector
Bitcoin cracker
Server I.P's
HQ Emails with passwords
All types of tools & tutorials.. & much more
Looking for long term business
For trust full vendor, feel free to contact
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
Excellent post. I've been browsing this blog constantly thanks for sharing
ReplyDeletevstcomplex
Goodhertz Vulf Crack
4Front TruePianos Crack
Arturia Pigments Crack
XSplit VCam Crack
AMEK EQ Crack
MusicLab RealEight Crack
WiFi Explorer Pro Crack
Hello everyone, Are you looking for a professional trader, forex and binary manager who will help you trade and manager your account with good and massive amount of profit in return. you can contact Mr. Anderson for your investment plan, for he helped me earned 8,000usd with little investment funds. Mr Anderson you're the best trader I can recommend for anyone who wants to invest and trade with a genuine trader, he also helps in recovery of loss funds..you can contact him on his whatsapp: (+447883246472) Email (tdameritrade077@gmail.com)I advice you shouldn't hesitate He's great.
ReplyDeleteI like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.
ReplyDeleteVery interesting blog.
crackpur.info
IDA Pro Crack
Genialny blog ale jeszcze lepszy https://e-trel.pl https://mamywszystko.net
ReplyDelete**Contact 24/7**
ReplyDeleteTelegram > @killhacks
ICQ > 752822040
Skype > Peeterhacks
Wicker me > peeterhacks
**HIGH CREDIT SCORES SSN FULLZ AVAILABLE**
>For tax filling/return
>SSN DOB DL all info included
>For SBA & PUA
>Fresh spammed & Fresh database
**TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING
CARDING CASHOUT CLONING SCRIPTING**
Fullz info included
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included
High credit fullz with DL 700+
(bulk order preferable)
**Payment in all crypto currencies will be accepted**
->You can buy few for testing
->Invalid or wrong info will be replaced
->Serious buyers contact me for long term business & excellent profit
->Genuine & Verified stuff
TOOLS & TUTORIALS AVAILABLE:
"SPAMMING" "HACKING" "CARDING" "CASH OUT"
"KALI LINUX" "BLOCKCHAIN BLUE PRINTS" "SCRIPTING"
**TOOLS & TUTORIALS LIST**
=>US CC Fullz
=>Ethical Hacking Tools & Tutorials
=>Bitcoin Hacking
=>Kali Linux
=>Keylogger & Keystroke Logger
=>Bulk SMS Sender
=>Facebook & Google Hacking
=>Bitcoin Flasher
=>SQL Injector
=>Logins Premium (PayPal/Amazon/Coinbase/Netflix/FedEx/Banks)
=>Bitcoin Cracker
=>SMTP Linux Root
=>Shell Scripting
=>DUMPS with pins track 1 and 2 with & without pin
=>SMTP's, Safe Socks, Rdp's brute
=>PHP mailer
=>SMS Sender & Email Blaster
=>Cpanel
=>Server I.P's & Proxies
=>Viruses & VPN's
=>HQ Email Combo (Gmail, Yahoo, Hotmail, MSN, AOL, etc)
==>Contact 24/7<==
Telegram> @killhacks
ICQ> 752822040
Skype> Peeterhacks
Wicker me > peeterhacks
*Serious buyers are always welcome
*Big Discount in bulk order
*Offer gives monthly, quarterly, half yearly & yearly
*Hope we do a great business together
**You should try at least once**
Hello there, as a newbie to crypto currency trading, I lost a lot of money trying to navigate the market on my own. In my search for a genuine and trusted trader, i came across Anderson Carl who guided and helped me make so much profit up to the tune of $40,000. I made my first investment with $1,000 and got a ROI of $9,400 in less than 8 days. You can contact this expert trader via email: andersoncarlassettrade@gmail.com or on WhatsApp +1(252)285-2093 and be ready to share your own testimony
ReplyDeleteI like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.
ReplyDeleteVery interesting blog.
crackpur.info
IDA Pro Crack
Believe it or not Dr Amber has come to stay to do wonders with his spells. I overheard my co-worker telling his cousin how Dr Amber helped him get back his partner within 24 hours . I was amazed about what he said. I searched for this man called Dr Amber online and guess what... He had so many good reviews online about his work. I got in contact with him to win the lottery and he assured me that winning the lottery is not a problem but what do I intend doing with the winnings. I told him what I will do when I become a winner. Dr Amber prepared a spell and prayed for me for 3 days before he told me where to play the Lottery. I did as he instructed me with a positive mindset. To my greatest shock, I was announced the winner of $1,000 dollars everyday for life which is equivalent to a cash prize of $7,000,000 million dollars.. I have no words to thank Dr Amber but to share your good works to everyone that needs help. Visit: amberlottotemple.com or Email: amberlottotemple@yahoo.com
ReplyDeleteWhat's Up Everyone
ReplyDeleteFresh Databases available
CC's CVV's SSN
Pros High Credit Scores 700+
Fullz/Leads with SSN+DOB+DL
Dumps
EIN Leads
Bulk HQ Emails
Office365 Emails & Logs
>>>WA/Telegram +92 317 272 1122
>>>ICQ 752822040
>>>Skype/Wickr @peeterhacks
>>>Email exploit dot tools4u at gmail dot com
Quality Tools & Tutorials available for
HACKING|SPAMMING|CARDING|SPYING|CLONING|CASH-OUTS|TRANSFERS
Legit Fullz/Pros/Leads will be provided
Bulk quantity also
Invalid stuff will be replaced/No refund
BTC & USDT payments mode
Available 24/7
Feel Free to contact Guy's
VERIFIED DARK WEB VENDORS LIST
ReplyDeleteIf you are tired of losing money
visit: https://crabblegs.wixsite.com/legitvendors/legitvendors