Most Popular (1500 questions)
9 votes, 6 answers

Radare2 (noob question) can't set breakpoint?

I was following this video; at the end it shows how to do basic stuff with Radare2 (r2). When I try to set a breakpoint with: db 0x004005bd, where 0x004005bd is the first address of the main function that just does: push rbp. But after I run the db…

tatticadanito (rep 91, badges 1/1/2)
9 votes, 2 answers

REIL Implementations and Adoption?

Apart from BinNavi (a commercial product from the creators of REIL), I am only aware of one project using REIL, which implements a tiny handful (mov/add/sub/inc/jmp) of the translators to convert x86 to REIL. What other 3rd party REIL…

QAZ (rep 2,571, badges 22/22)
9 votes, 1 answer

Encrypting text in binary files

Text strings are usually easily read in a binary file using any editor that supports ASCII encoding of hexadecimal values. These text snippets can be easily studied and altered by a reverse engineer. What options does a developer have to encrypt…

Mellowcandle (rep 4,795, badges 6/34/47)
9 votes, 2 answers

Open-source equivalent for FLIRT

I am using a C disassembler and I need to identify compiler-intrinsic functions (i.e. SEH_prolog, SEH_epilog etc.) within my C program. Right now, the only way I can do that is to use IDA's FLIRT (Fast Library Identification and Recognition…

Aviv (rep 337, badges 4/12)
9 votes, 2 answers

How to get cross-references to a struct type in IDA by IDAPython and add comments to variables of the struct type

I'm writing an IDA plugin using IDAPython in order to add comments (located in the database) to variables of struct types. In order to do this, firstly, I need to get the list of cross-references to a given structure type (e.g. struct BITMAPINFO) which…

Bingchang (rep 103, badges 1/7)
9 votes, 1 answer

Visual Basic internal structure

I am analyzing some Visual Basic 6.0 malware (before .NET) and I have several questions regarding the internal structure of the format. The samples I have are either p-code or native code compiled (depends on the malware version). In the last couple of…

ubnix (rep 1,073, badges 7/15)
9 votes, 1 answer

Immunity Debugger on Windows 10?

Has anybody gotten Immunity Debugger to work on Windows 10 yet? I downloaded it on Windows 10, launched it as administrator, and the GUI opens for about half a second and then it exits, with no errors or messages. I have Python installed, I reinstalled…

Starwarsfan2099 (rep 345, badges 1/2/10)
9 votes, 3 answers

How to manage/revert to specific OS versions for effective patch diffing?

For the purpose of learning about the complexities involved in writing PoCs (and gaining experience in it) one could do patch diffing and have real-world vulnerable examples to practice on. For now please disregard the idea of making your own…

ixje (rep 1,733, badges 14/25)
9 votes, 2 answers

Is there a way to set the cursor address in IDA Pro?

In the same way that ScreenEA() returns the current cursor address, is there a way to set the address? Something that would resemble SetScreenEA()?

Derek (rep 95, badges 1/4)
9 votes, 1 answer

How to manually unpack a UPX-packed ELF file

I am trying to learn to manually unpack a UPX-packed ELF file. The examples I have found are for Windows, mostly with OllyDbg, and as I see it the first step is to look for pushad and popad instructions. I have a 64-bit executable, so I assume I have…

robert (rep 887, badges 2/12/28)
9 votes, 2 answers

Good training for IDAPython

I'm familiar with Python and IDA in general. I found a few very basic tutorials but nothing that goes through an explanation of the classes used and the full capability set. Near as I can tell the documentation consists of a list of functions.…

bravosierra99 (rep 238, badges 2/6)
9 votes, 1 answer

What does a C++ class look like in assembly

I am planning to do some reverse engineering on an application that was written in an object-oriented way. And now I'm kind of curious what a C++ class would look like in assembly. I already found out the basics about functions and their calling…

Forivin (rep 209, badges 2/6)
9 votes, 1 answer

AMD64 compiler optimizations with register manipulations

AMD64 (aka x86-64 or x64) registers can be accessed 8, 16, 32 or 64 bits at a time. When reading a disassembly listing, what register operations are not straightforward? For example, when an instruction accesses part of a register, how does it…

Modoc (rep 429, badges 4/8)
8 votes, 2 answers

Identifying variable args function

What would a C variable-argument function such as printf(char* format, ...) look like when disassembled? Is it always identified by calling convention, or are there more ways to identify it?

Mellowcandle (rep 4,795, badges 6/34/47)
8 votes, 1 answer

Reversing a 2.4GHz Quadcopter remote control

TL;DR - I can't figure out why I'm failing to replicate the quadcopter's remote control with, say, an Arduino and an NRF24L01 after eavesdropping on the SPI commands on the remote control. So I got this cheap quadcopter, actually 3 different models (this,…

Omer (rep 256, badges 1/5)