Most Popular

1500 questions
9
votes
3 answers

How to get virus body of Polymorphic Malware

I want to decrypt polymorphic malware and get the actual virus body which is going to do the infection. I tried to decrypt virut.ce (this is one polymorphic malware) in OllyDbg, but it is using anti-debugging and anti-emulation techniques and so it is…
user1744108
  • 161
  • 6
9
votes
2 answers

Exporting structures and enums in IDA

It is possible to import structures and enums declarations from C files in IDA. However, is it possible to export structures and enums to C?
ekse
  • 2,208
  • 13
  • 19
9
votes
3 answers

How to differentiate between hex files of different families of microcontrollers?

Is there any way to differentiate different microcontrollers' hex files? I have a hex file and I have forgotten which microcontroller it belongs to. Is there any available tool to tell this, or any tip or trick to know? Edit: There is a…
Abdul Rehman
  • 277
  • 1
  • 2
  • 4
9
votes
4 answers

What is the difference between MOV and LEA in example?

Looking at an assembly code snippet I see: lea rax, [rbp-0x50], which tells me that the rax register now points to whatever value is in rbp-hex(50). Question: would I achieve the same result doing this? mov rax, dword ptr [rbp-0x50] If so, what…
user3732445
  • 321
  • 1
  • 3
  • 6
9
votes
1 answer

IDA Pro: What does "Create EXE file..." option do?

I have come across File -> Create EXE file... option in IDA. I thought one couldn't use IDA for patching. I have tried playing with it. However, it gives me the following error: This type of output files is not supported. What is this option for?…
PSS
  • 3,088
  • 1
  • 21
  • 35
9
votes
2 answers

Decompiling return-oriented programs

How are return-oriented programs decompiled/reverse engineered? Any pointers to any papers or reports would be appreciated.
debray
  • 668
  • 3
  • 7
9
votes
1 answer

IDA pro and default windows (lib) functions

Why can't IDA Pro successfully determine which exact functions are called after successful disassembly of inline functions? For example, statically linked functions like printf(), memcpy(), memset() are not recognized correctly. Is there a…
n00b
  • 581
  • 5
  • 5
9
votes
2 answers

Highlight Executed Basic Blocks in IDA

When I execute a program using IDA's debugger interface, I would like to see the basic blocks that were executed highlighted in the IDB. Is there a way to do this?
user2142
  • 1,537
  • 2
  • 14
  • 17
9
votes
2 answers

How to debug a running Java process in Linux?

TLDR I want to do live debugging of a Java program on a Linux machine, and don't know how/what debugger to attach to the JVM to get this done. I expect that this is a well-solved problem, but I lack the terminology to find a solution after several hours…
stacksmasher
  • 91
  • 1
  • 3
9
votes
1 answer

What is MSR Tracing?

I was reading an old blog post on OpenRCE that mentions MSR tracing in the context of binary-only profiling and coverage. The only Google hits for this term are a few emails on the Xen mailing list that I am not able to understand. What is MSR…
user2142
  • 1,537
  • 2
  • 14
  • 17
9
votes
4 answers

Use Ghidra decompiler from the command line

Is there a way to run Ghidra from the command line? The GUI interface is very heavy. What I want is just to get the function list and decompile the functions to C. Thanks
Bob5421
  • 797
  • 1
  • 9
  • 20
9
votes
1 answer

Ghidra: define C++ string

So I want to define a C++ string in a Ghidra struct. While reverse engineering a C++ binary, I noticed that it defines a basic_string class in the symbol tree. Now I want to define a std::string (not a pointer to it) within a struct. Is…
9
votes
2 answers

How to prevent automatic padding by IDA?

I defined a struct in a header file, similar to this one: struct STRUCT { char a; int b; }; This is parsed successfully by IDA, however it adds padding bytes after the char: 00000000 STRUCT struc ; (sizeof=0x4) 00000000 a …
heinrich5991
  • 627
  • 11
  • 21
9
votes
3 answers

How can one extract the appended data of a Portable Executable?

How do you reliably extract appended data in a Portable Executable?
Ange
  • 6,694
  • 3
  • 28
  • 62
9
votes
2 answers

How can one extract resources from a New Executable?

I'm trying to extract menus and other stuff from a New Executable (NE), i.e. the ones from Windows' 16-bit times. The tools I find (e.g. ResourceTuner) work for PEs only. Any idea for tools to facilitate the resource extraction? Could be several…
heinrich5991
  • 627
  • 11
  • 21