Most Popular (1500 questions)

10 votes, 2 answers

Radare2 C output

I made a simple hello world program, and put it in radare2. I then ran the pc command, which displayed C output. The output was this: #define _BUFFER_SIZE 256 const uint8_t buffer[256] = { 0x55, 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x10, 0x48,…

asked by LifeInKernelSpace (101 rep, badges 1/1/4)

10 votes, 2 answers

What is the purpose of these instructions before the main preamble?

I wrote a small C program below: #include int sub(int x, int y){ return 2*x+y; } int main(int argc, char ** argv){ int a; a = atoi(argv[1]); return sub(argc,a); } Compiled with gcc 5.4.0 and target 32-bit x86. I got the…

asked by drdot (279 rep, badges 4/10)

10 votes, 1 answer

How is the .reloc section used in a PE file?

I have read Microsoft's pecoff_v83 document. In the .reloc section part, I have read: The Fix-Up Table contains entries for all fixups in the image. The Total Fix-Up Data Size in the Optional Header is the number of bytes in the fixup table. The…

asked by QChí Nguyễn (323 rep, badges 1/4/14)

10 votes, 1 answer

How to find entry point in .exe?

Kind of a simple question. How does a program like IDA locate the entry point of an exe? If I wanted to, could I find this with just a hex editor manually?

asked by user3457614 (111 rep, badges 1/1/3)

10 votes, 2 answers

Is there an easy way to detect if the SSDT has been patched from a memory dump?

The SSDT is a dispatch table inside the Windows NT kernel, and it is used for handling calls to various internal kernel APIs. Often malware will change addresses in the SSDT in order to hook certain kernel functions. Spotting this kind of thing in a…

asked by Polynomial (1,272 rep, badges 2/12/21)

10 votes, 1 answer

Draw circuit of a multilayer PCB

I have found a multilayer PCB of which I need to draw the circuit. At first, I tried to find the circuit on the internet using part numbers, but I did not get any result. The PCB is from a very old alarm installation. Are there any tools or…

asked by user187

10 votes, 3 answers

Can you decompile Actionscript 3 on a Mac?

Reverse engineering SWFs with ActionScript 3 on a Mac typically requires a Windows VM and a lot of copying and pasting. There are some good decompilers for Windows such as as3extractor but I haven't found anything that seems to work on MacOS X. Does…

asked by Jay (101 rep, badges 2/5)

10 votes, 4 answers

Control flow graph reconstruction projects

I'm looking for projects providing reconstructed Control Flow Graphs from binaries while supporting more than one platform (e.g. x86, x64, arm). For example, considering this short assembler program: .global main .intel_syntax noprefix .extern…

asked by Nordwald (2,896 rep, badges 13/25)

10 votes, 4 answers

Where do I find a cheap hardware USB sniffer?

I want to capture and then process the USB data that is sent from a computer to a USB printer. I know that there are several software sniffers like Wireshark that can do that. But I need a hardware solution that does the capture and sends the…

asked by Elmue (441 rep, badges 2/4/11)

10 votes, 5 answers

Lifting up binaries of any arch into an intermediate language for static analysis

Background: As the title is self-explanatory, I would like to translate binaries of any architecture (e.g. x86, ARM, ARM Thumb) to an intermediate language in order to apply arch-independent static analysis. To be exact, my work is confined to the…

asked by frogatto (205 rep, badges 2/8)

10 votes, 2 answers

Java byte code equivalent of IDA function signatures

I remember IDA (Interactive Disassembler) has a really neat feature of function signatures where you don't have to reverse engineer code found inside standard libraries. Is there a similar feature for Java byte code, especially for obfuscated code?

asked by Dr Deo (123 rep, badges 9)

9 votes, 1 answer

Equivalent of IDA FLIRT signatures for GDB?

Are there equivalent tools/procedures to IDA's FLIRT signatures, when working on statically linked binaries, with other disassemblers? Is it at all possible with GDB/objdump?

asked by Jesper.Reenberg (293 rep, badges 2/13)

9 votes, 1 answer

Saving program execution state for fuzzing

Suppose I have a program that has two functions, functionA and functionB called sequentially. functionA requires a significant amount of processing in order to execute, and in the course of the execution sets up and maintains many global variables…

asked by amccormack (1,326 rep, badges 2/13/29)

9 votes, 1 answer

Becoming A Better Reverse Engineer

I have been looking on the net and all I see when it comes to reverse engineering are a bunch of silly crackme tutorials. I want to be better at taking code from assembly to c or c++. I am getting the feeling that I am going to have to pick…

asked by LUser (783 rep, badges 1/4/22)

9 votes, 2 answers

How to extract functions from one executable to include/link in another

I'm wondering what are the options (aside from attempting disassembly/decompilation and reassembly/recompilation) one has when it comes to extracting a series of functions from one binary, compiled for a specific platform and architecture and…

asked by Roberto Andrade (346 rep, badges 3/4/13)