Most Popular

1500 questions
11
votes
1 answer

Why is this ARM binary throwing an 'Illegal instruction' error and quitting?

Issue I'm hoping someone can help me determine why this binary won't execute. It is a closed-source, stripped ARM binary. That said, it is freely downloadable on the internet so there is a link to it at the bottom of this post. The target is an ARM…
gatorface
  • 113
  • 1
  • 1
  • 5
11
votes
3 answers

What are the available libraries to statically modify ELF executables?

I would like to be able to rewrite or reorganize an ELF binary program directly from the executable format (not at compile-time). The only library I know to do this is elfesteem (used in Miasm). But, there must be others. So, what are the libraries…
perror
  • 19,083
  • 29
  • 87
  • 150
11
votes
1 answer

What are the main features of radare2?

Radare2 is a reverse-engineering framework that gathers several tools (see this Phrack article about radare1 to know a bit more about the framework). I would like to know if someone could point out the main useful features of the framework for…
perror
  • 19,083
  • 29
  • 87
  • 150
11
votes
5 answers

How to find offsets in OllyDBG from IDA

I'm currently trying to gain some practice in RE and I need some help for patching a DLL. Here are my steps: I first analyze the main program and the dll in IDA trying to understand the logic. I then switch to OllyDBG for patching. Well, the problem…
Caroline
  • 121
  • 1
  • 1
  • 5
11
votes
1 answer

Could you list some useful plugins and scripts for IDA Pro?

I am just starting to use IDA Pro. After discussing a bit with the community, it seems that IDA Pro plugins and scripts are quite important to reach a good level of productivity while analyzing a program. What are some must have plugins for IDApro…
perror
  • 19,083
  • 29
  • 87
  • 150
11
votes
1 answer

Kernel level Dynamic Binary Instrumentation

Is there anything like PIN or DynamoRIO to instrument at kernel level? The platforms I'm more interested in are Windows and OSX.
joxeankoret
  • 4,488
  • 2
  • 21
  • 35
11
votes
3 answers

Are there any ARM disassemblers that provide structured output?

Are there any ARM (or other non-x86) disassemblers that decompose an instruction into its component parts in a machine-friendly structure? Ideally it would be something like XED or distorm3, which disassemble into a structure and then provide an API…
Brendan Dolan-Gavitt
  • 2,888
  • 2
  • 19
  • 37
11
votes
2 answers

Is there a collaborative reversing forum for people that deal with firmware?

The question pretty much says it. Beyond knowing people that are interested in the same things, is there a collaborative reversing dumping ground for documenting specifically disassembly of closed source firmware?
RobotHumans
  • 563
  • 2
  • 16
11
votes
3 answers

How can I prevent Immunity Debugger / OllyDbg from breaking on attach?

When I attach OllyDbg or ImmunityDebugger to a process, it automatically breaks execution. I'm attaching to a user-mode service running as SYSTEM and only need to catch exceptions, so this is not ideal. Is there a way to disable the break-on-attach…
Polynomial
  • 1,272
  • 2
  • 12
  • 21
11
votes
1 answer

How to make radare2 work for a large binary?

I compiled cpython with debugging headers and I want to perform the following analysis using radare2. The problem I encounter is that it takes forever (at least 27 hours) to perform the aaa (analysis) part.
0x90
  • 677
  • 2
  • 7
  • 19
11
votes
3 answers

x64dbg how to debug a DLL called from an application

I have a 64-bit application that, when run, loads a DLL (plugin). I want to debug only this plugin. I have tried setting x64dbg to break on DLL load, but there are two issues: this app loads hundreds of other DLLs, and when I do get to my DLL and try and…
Raz Razman
  • 361
  • 1
  • 3
  • 8
11
votes
2 answers

What techniques are used in reverse engineering embedded firmware?

This question is related to another question I posted here. I'm working with a small public transit agency on a neat open-source project that will help us to offer realtime data to local developers. A key piece of data we need is the current bus…
drewbug
  • 419
  • 4
  • 7
11
votes
4 answers

How to decompile a C# .exe on macOS?

Is this even possible? Are there any free tools?
ttt
  • 227
  • 1
  • 2
  • 4
11
votes
2 answers

How does BinDiff work?

I would like to know what are the basic principles (and maybe a few things about the optimizations and heuristics) of the BinDiff software. Does anyone have a nice and pedagogic explanation of it?
perror
  • 19,083
  • 29
  • 87
  • 150
11
votes
1 answer

What are @PAGE and @PAGEOFF symbols in IDA?

The above is the disassembly of a 64 bit ARM firmware image. Does anybody know what those @PAGE and @PAGEOFF symbols mean?
sherlock
  • 1,381
  • 3
  • 23
  • 40