Most Popular

9 votes, 1 answer

Decompiling an executable compiled by vercel/pkg

I have a .exe file that I am trying to get the source code of. After some digging I figured out that it's in node.js and was compiled using vercel/pkg. I tried using pkg-unpacker; however, the output is all messed up and has a lot of null characters,…
Anon
9 votes, 1 answer

IDA Pro: use structs on parameters

I have a small function that is given a struct as a parameter. The struct looks something like this: struct my_struct { short a; unsigned int b; unsigned int c; }; Taking care of the alignment, I build the following struct in IDA: field_0…
sqrtsben
9 votes, 2 answers

Decoding an ancient format

It's a very interesting file format that may greatly satisfy binary archaeologists. sample file Background This file format was created in the 90s to archive customer-created AutoCAD component libraries like windows, doors and columns. The first line is in…
wangii
9 votes, 1 answer

Understanding this Buffer Overflow exploitation

Some days ago I took this piece of code from opensecuritytraining.info to test a buffer overflow exploitation: #include char *secret = "pepito"; void go_shell(){ char *shell = "/bin/sh"; char *cmd[] = { "/bin/sh", 0 }; …
Nucklear
9 votes, 1 answer

Decompile "Internal Call"

I have a .NET method which is marked as an "Internal Call", meaning that it is implemented within the CLR itself. Is there any way to locate the code for and/or decompile such a method?
Levi Botelho
9 votes, 1 answer

Reverse engineering apps for Windows Phone 7 and 8

How can I reverse engineer Windows Phone apps? Especially apps that are running on version 7.8 and 8 of the OS? I'm looking for tools and procedures for doing this.
user297
9 votes, 1 answer

How to debug DLL imported from an application?

I want to debug a DLL when it is called from an application. For example, when Firefox calls nss3.dll "NSS Builtin Trusted Root CAs" to check HTTPS Certificates, I want to catch the nss3.dll and debug all its transactions with a known debugger like…
studentofmp
9 votes, 1 answer

Reverse engineering a Solaris driver

I have several Solaris 2.6 era drivers I would like to reverse engineer. I have a Sparc disassembler which provides some info but it isn't maintained anymore so I think it may not give me all the information possible. The drivers are for an Sbus…
cb88
9 votes, 1 answer

Advice on how to attack my first reverse engineering project?

Suppose you've never done reverse engineering before (apart from taking apart already-broken tape recorders). Also suppose you had a machine as pictured below, with a serial-looking and another multi-pin connector on the back. Thirdly, suppose you…
noughtnaut
9 votes, 1 answer

What x86 calling convention passes first parameter via ESI?

I am looking at some x86 code, which I believe was built using a Microsoft tool chain, and am trying to figure out the calling convention used during this call: push esi ; save ESI (it gets restored later) lea esi, [ebp-0xC] ; set param 1 for…
QAZ
9 votes, 1 answer

BYTE3, does it mean the third or fourth byte of an int? IDB file that's already supplied

I've got a program that I'm trying to debug a little bit by trying to make sense of a function or two. There's already some info that I've downloaded via an IDB file, and it's helped me get somewhere. But I'm kind of stuck on a part where I've got…
lfxgroove
9 votes, 2 answers

What is this 'mathematical jigsaw puzzles' obfuscation?

You must have heard about it; it's all over the online newspapers. Some researchers from UCLA claim to have achieved a breakthrough in software obfuscation through 'mathematical jigsaw puzzles'. Their scientific paper can be found on IACR eprint…
perror
9 votes, 2 answers

Why use MOV R0, R3 and then MOV R3, R0 (thus back and forth)

I have a static library archive which I try to understand. First I use 'ar' to extract the object files. The object files are "ELF 32-bit LSB relocatable, ARM, EABI5 version 1 (SYSV), not stripped". Then I use 'objdump -D' to get the assembly…
JoHu
9 votes, 3 answers

Hook end/middle of function

How could I hook anywhere but the beginning of a function? I'm trying to add features to a third-party executable, and I need it to execute its code completely, then pass its data on to my function. I can't quite conceive how to do this. Is there an…
Sean Heiss
9 votes, 1 answer

How does GDB's process recording work?

A curious and useful feature of GDB is process recording, allowing an analyst to step forwards and backwards through execution, writing a continuous log of the changes to program state that allow for remarkably accurate playback of program…
zetavolt