Most Popular (1500 questions)
11 votes · 1 answer

Tracing message passing instead of a call stack

In a microkernel, much of the interesting functionality happens not with traditional function calls, but instead through message passing between separate entities. Is there a structure that OS architectures like this generally use to implement…
11 votes · 2 answers

Debugging EXE with TLS

How do I debug an executable that uses TLS callbacks? It's my understanding that these run before my debugger will attach.
mrduclaw
11 votes · 1 answer

Are the EU laws preventing reverse engineering of software products?

Would it be legal to decompile and/or reverse engineer a commercial Java JAR file to view the inner workings of a library in order to write original code for use with the library in the EU or UK?
Jesson Atherton
11 votes · 2 answers

Immunity Debugger reset windows to default tiling

I have changed the windows from the original tiling layout in Immunity Debugger. I would like to restore the original tiling. I have tried restarting the program but the modified tiling remains. Is there a procedure for restoring the original…
Concklin F
11 votes · 1 answer

Randomly picking an x86 register for an instruction

I came across a piece of malware which I am analyzing and have found that it uses some kind of math to randomly select a register for a specific instruction, which I don't understand. How is this operation calculated, and what does it depend on? Here is an…
RCECoder
11 votes · 1 answer

Get code from protected PIC

I have a PIC18F4550 from an old device and I need to see the code. I tried reading it using my ICD3 programmer, but the chip seems to have its code protected. How can I get the code anyway?
user187
11 votes · 4 answers

Best alternatives to IDA Pro, Immunity and OllyDbg for a blind user

I am totally blind and want to learn to do reverse engineering so I can advance my career. Unfortunately, IDA Pro, Immunity and OllyDbg are all not accessible to a blind person using a screen reader. Are there any good alternatives on both Windows…
dnraikes
11 votes · 2 answers

nop with argument in x86_64

A program I'm investigating has the following code (disassembled by IDA with some light censorship by me): __text:....B9 call __text:....BE nop __text:....BF nop dword ptr…
Brennan Vincent
11 votes · 2 answers

Decrypting IPA Binary on OS X

I've been reading this PDF on reverse-engineering iOS applications and have reached slide 39, decrypting the binary. However, I've been attempting to disassemble and explore the binary in OS X 10.9.5 rather than iOS, since my phone is not jailbroken…
Patrick Roberts
11 votes · 3 answers

ZTE encrypted backup config file

I was poking around in a ZTE Speedport Entry 2i (a CPE used mostly in Germany, Slovakia etc., probably custom made for Deutsche Telekom). It's possible to download a backup of the config from the UI. I found out it's different from other ZTE config backups.…
J91321
10 votes · 1 answer

Extracting arguments from IDA

Let's say I have the following function in IDA: int __usercall function(char* message, unsigned int count) What's the fastest way to extract the argument information using IDAPython, such that I get the following: [['char*',…
Zach Riggle
10 votes · 2 answers

How to bypass ZwContinue?

During an analysis, I have found a call to ZwContinue. The executable file first gets the address of ntdll.NtContinue and stores it in the EAX register. After I step over the following assembly line, CALL EAX ; ntdll.ZwContinue then OllyDbg…
user3097712
10 votes · 2 answers

How can you disassemble and dump an entire binary?

It's easy to seek to a particular function and dump its contents as assembly language. However, I cannot find an obvious way to immediately disassemble and dump an entire binary. I want to use it more like I use IDA and objdump, by seeing the entire…
MrSynAckSter
10 votes · 1 answer

Anti-debugging techniques - Preventing me from setting a memory and hardware breakpoint. How can I bypass that?

I'm debugging this process, which has a lot of anti-debugging techniques in it, and I faced something new which I don't know how to bypass yet. Changing the code dynamically causes exceptions to occur and the process to crash. So setting INT 3…
0xAK
10 votes · 1 answer

RS-485 Checksum Reverse Engineering (Watlow EZ-Zone PM)

I am trying to reverse engineer a two-wire RS-485 standard serial bus interface to talk to a Watlow EZ-Zone PM, for which I have not been able to find any documentation of the protocol. I have managed to figure out most of the hex commands except for…
Onlyjus