Most Popular

1500 questions
12
votes
3 answers

Wanted: Java bytecode disassembler that shows addresses, opcodes, operands, in hex

I am after a java bytecode disassembler whose output includes the bytecodes themselves, their operands, and their addresses in the .class file, and which displays numbers in hex, not decimal. To show what I mean, here are a few lines taken from the…
Witnobfigo
12
votes
2 answers

What kind of code would produce this assembly with loads of jump statements?

00EE16CC . E9 DFBB0000 JMP BinFile.00EED2B0 00EE16D1 . E9 64AF0000 JMP 00EE16D6 . E9 15DB0000 JMP BinFile.00EEF1F0 00EE16DB . E9 D0D40000 JMP…
GoldenWest
12
votes
5 answers

How do I see the parameters passed to RegOpenKeyEx, and set a conditional breakpoint?

I have WinDbg attached to a process I don't have the source code for. I've set a breakpoint with bm ADVAPI32!_RegOpenKeyExW@20. The output of dv is: Unable to enumerate locals, HRESULT 0x80004005 Private symbols (symbols.pri) are required for…
Justin Dearing
12
votes
2 answers

How many registers does an x86_64 CPU actually have?

I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx. But it looks like rflags is actually an…
rubberband876
12
votes
1 answer

What kind of information can I get from reverse engineering an integrated circuit package?

I've seen numerous examples of people essentially dissolving away the resin from integrated circuits in boiling high strength acid in order to expose the raw silicon chip underneath. My general understanding is that this has, from time to time,…
NULLZ
12
votes
3 answers

Trying to understand this construct in Dbgv.sys driver for DbgView tool

I'm trying to reverse the Dbgv.sys (x86 kernel driver) for the DbgView tool. It has this sub_10D4A function that is called almost at the beginning of the driver's DriverEntry function. It goes as such: The relevant piece of…
MikeF
12
votes
2 answers

What sources do you use for gaining information/intelligence about hardware products?

When reverse engineering consumer hardware products, it can often be helpful to gain as much information as possible outside of the device itself, including: Service manuals Installation/User manuals Circuit diagrams/block diagrams Description…
Cybergibbons
12
votes
2 answers

How to map an arbitrary address to its corresponding basic block in IDA?

Say I have an arbitrary address and I want to find out which basic block (i.e. area_t structure) corresponds to it. How would I do that? Edit: more specifically, I want to know the beginning / end of the basic block to which a given address belongs.
newgre
12
votes
1 answer

What makes CDMs such as Widevine hard to reverse engineer?

According to this PDF, Widevine has three security levels. The least secure one, and the one used by Chrome on desktops, is level 3, in which all decryption is done outside of a Trusted Execution Environment. But in that case, what stops someone from…
abcd
12
votes
5 answers

Is it legal to sell clean room engineered products?

The clean room technique is: First, a team of engineers studies the software and describes everything it does as completely as possible without using or referencing any actual code. Then, a second team of programmers who had no prior knowledge…
asheeshr
12
votes
1 answer

How to find a symbol in a binary using radare2?

I want to find the address of a symbol (e.g. strcpy) inside a binary using radare2. I tried to use the f command to list all flags which are recognized by r2, but the list is enormous and it's not comfortable to find the address of a specific symbol…
api pota
12
votes
2 answers

How does glibc malloc work?

Wishing to dig in the internals of dynamic memory allocation on Linux, the best I could find is an article titled Understanding glibc malloc. The explanation, though detailed, is not quite understandable (to me). Especially, I couldn't understand…
sherlock
12
votes
3 answers

Reverse engineer an old DOS QBasic executable

I recently decided to try my hand at reverse engineering an old DOS text-based game that was coded in QBasic. I found some info online about old DOS games disassembly, but mostly for Watcom-compiled C/C++ binaries, and nothing on QBasic. I know that…
ricardojoaoreis
12
votes
1 answer

How are Apple App Store Apps encrypted?

I know how to decrypt an iOS app using tools. How is this encryption performed? Why can iOS apps only be decrypted on a device? Is there a device-specific key used for encryption?
Karl
12
votes
2 answers

How do I determine code coverage when fuzzing?

Let's say I'd like to begin fuzzing Acme Corp's PDF Reader. I'd like to try to follow what Miller did by downloading a bunch of benign PDFs and mutate them. Miller began by reducing his corpus of PDF samples to a minimum by pruning samples that…
mrduclaw