Most Popular
1500 questions
11
votes
1 answer
Rename obfuscated names with .NET Reflector?
I have some obfuscated C# .NET code I want to analyze.
Is it possible to rename those obfuscated symbols, so I can more easily track them? Like IDA Pro can work with renaming functions and so forth.
samuirai
- 3,079
- 4
- 23
- 37
11
votes
2 answers
Hooking to a function with variable argument list
I am using Detours 3.0 to hook onto a function I obtained from Ida Pro. The problem is I came across a function which I cannot seem to hook, which is due to either invalid arguments or the fact that it uses a variable argument list.
int…
user1595145
- 111
- 1
- 3
11
votes
1 answer
Thread-Switching with PyDbg
I'm having trouble switching from debugging one thread to another in pydbg. I don't have much experience with multithreading, so I'm hoping that I'm just missing something obvious.
Basically, I want to suspend all threads, then start single stepping…
Unix-dude
- 111
- 4
11
votes
1 answer
Dll injection and GetProcAddress with the winapi
So I just read a little bit about how one would go about injecting a dll into a running program on Wikipedia (the CreateRemoteThread idea). I followed the steps described and eventually got it working. The thing I found interesting though which…
lfxgroove
- 369
- 4
- 13
11
votes
1 answer
Hex-Rays Decompiler: Buffer on the stack
I am currently reversing a windows driver in order to write a Linux compatible driver for a DVB card, but I have come up against a small issue that I can work around, but if it is possible I would like to make it correct.
There is a function that…
Geoffrey
- 383
- 1
- 9
11
votes
2 answers
Is it possible to decrypt an SSL connection (short of bruteforcing)?
I'm trying to reverse-engineer a protocol (it's for a game whose servers are closing soon). I have two things: 1) the binary for the program 2) a packet dump from Wireshark (I am still able to get another dump, if needed). Now, the protocol, from…
bobbybee
- 211
- 2
- 3
11
votes
2 answers
Decompile and recompile C?
What tools produce C code that does not produce errors when you try to recompile it again? Can Hex-Rays decompiler convert everything to project files in a single folder and just compile it?
user8005
- 151
- 1
- 3
11
votes
3 answers
How to obtain x86-64 pseudocode in IDA Pro?
Does anyone know about obtaining pseudocode for x86-64 in IDA Pro? I already tried the Hex-Rays plugin to obtain pseudocode, but when I try it, the following error pops up: "only 32bit code is supported".
john
- 119
- 1
- 1
- 4
11
votes
4 answers
How can I change the Read/Write/Execute flags on a segment in IDA?
Sometimes when you load a binary manually in IDA you wind up with segments that have unknown read write and execute flags. You can see them under the Segments subview (Shift + F7). Is there a way to change these flags from within the GUI of IDA…
Peter Andersson
- 5,701
- 1
- 32
- 49
11
votes
2 answers
What to do when IDA cannot provide a function name?
For learning (and fun) I have been analyzing a text editor application using IDA Pro. While looking at the disassembly, I notice many function calls are made by explicitly calling the name of the function. For example, I notice IDA translates most…
clark
- 215
- 1
- 3
- 9
11
votes
4 answers
Try to deobfuscate multi layered javascript
According to the techy zilla blog
It will be much harder to deobfuscate code that has been obfuscated using multiple obfuscating algorithms. According to them, jsbeautifier can't fix this obfuscated code. Can you find another way to deobfuscate this…
user101579
- 211
- 1
- 2
- 3
11
votes
1 answer
Re-run autoanalysis in Hopper?
I have loaded a raw binary (ARM firmware image) into Hopper, and manually marked the entry point as code. But now I'd like to have Hopper do auto-analysis (recursive traversal) starting from that code region, and I can't figure out how to get it to…
Brendan Dolan-Gavitt
- 2,888
- 2
- 19
- 37
11
votes
3 answers
Is there any way to get my own image base without calling any WinAPI functions, such as GetModuleHandle?
Is there any way to get the image base of an .exe without calling WinAPI functions (i.e. imported functions) so that it can't be easily viewed in a disassembler/debugger?
I've been thinking of declaring a global variable anywhere in code and reading…
Jason
- 113
- 1
- 5
11
votes
2 answers
How to display memory zones content on IDA Pro?
This is a very naive question about IDA Pro. Once the IDA debugger has started, I would like to be able to type a memory address (or a memory zone) and look easily at the content of it (in various formats). With gdb you would do print /x *0x80456ef or,…
perror
- 19,083
- 29
- 87
- 150