Most Popular (1500 questions)
8 votes, 2 answers
How to modify/replace a non-exported function in a native code DLL
I disassembled a misbehaving DLL with IDA and identified the faulty code. Now I want to go one step further and replace the function with a self-written, hopefully less faulty one. The DLL I'm talking about is written in C/C++ and the function in…
user2011659
8 votes, 1 answer
Disassemble communication protocol for an old device
I have an old device connected to a personal computer via a specific PCI card. The device is handled with a C++ control application, which is not able to run on new versions of Windows. The manufacturer of that device was consumed by a big company a while ago and…
Michal
8 votes, 1 answer
Router Decompiling
I am trying to extract the squashfs filesystem of my router. Here is the firmware.
First, I unzipped the file. Next, I ran binwalk to get some information about the file.
DECIMAL HEX …
0xcaff
8 votes, 2 answers
What changes in MS Windows system libraries after restart?
I'm running 64-bit MS Windows 7 with all updates installed. About 1 or 2 weeks ago I noticed that whenever I restart the OS, the virtual memory pages (of whatever process) corresponding to system libraries like ntdll.dll and kernel32.dll are…
Benny
8 votes, 3 answers
Re-engineering to create UML Diagrams from Source and Binary
Are there tools that would create:
UML Structural Diagrams from Source Code.
UML Behavioral Diagrams from a binary executing on an ARM / x86 system.
Sources would be in C &/ C++ &/ Python.
Such tools would boost productivity while…
AjayKumarBasuthkar
8 votes, 1 answer
Identification/reverse engineering of LZ compression
I am doing a translation project for the PSP version of a game released by Prototype (Japanese company), but I am having trouble with some GIM files (image files).
Now the actual problem is not with the gim format, but a compression that has been…
patr0805
8 votes, 1 answer
Chunked function (discontinuous chunks of code comprising a function)
The control flow graph below is from a single function in Notepad (Win7 64-bit). Why is the linker (or the compiler) separating the basic blocks of a single function into multiple, discontinuous (not contiguous) chunks?
CarstenC4
8 votes, 1 answer
How do you manage/backup your IDA database?
Recently I lost an important IDA database. Up until now, I manually made a copy of my work IDB every day, but that's obviously not a good backup technique. I was wondering how you manage/backup your IDB. Like make a copy of the current IDB every…
Dominik Antal
8 votes, 1 answer
Issue opening executable module in OllyDBG
I am running Windows 8.1 and OllyDBG 2.0. When I attach to a process and view the executable modules, I want to open one. However, when I double-click on one of the modules, it won't open in the main OllyDBG window, which it should. Has anyone else…
Chris Altig
8 votes, 1 answer
Compression algorithm from very old tape backup?
I'm recovering data from old tape cartridges from circa 1994, where the user had forgotten what software was used to write them, and it doesn't seem to be any format I recognize. Fortunately the file structure within the backup is fairly…
Dmitry Brant
8 votes, 1 answer
What is your vulnerability discovery process?
I myself am a static analysis guy; I mostly gave up dynamic reverse engineering ten years ago. So these days, my process is usually to locate where my input enters the module that I am interested in, and then perform heavy static analysis to…
Rolf Rolles
8 votes, 1 answer
GDB issues: Can't set breakpoint on Obj-C method
I'm a beginner at reverse engineering; I've read through a few tutorials and know my way around some basic GDB and assembly code. After working my way through a few trivial examples I'd like to try something a bit more 'real-world'. My goal is to…
SlEePlEs5
8 votes, 1 answer
Semantics-based obfuscation
I have some (very blurred, as usual) thinking about semantics obfuscation that comes from this question and the excellent answers of @RolfRolles and @Andrew. As far as I understand, the ideas of the authors in this paper about Semantics-based…
Ta Thanh Dinh
8 votes, 1 answer
Reverse engineering XKCD 1190
The latest (as of now) comic is titled "Time". It's a standard-looking comic, though without much action, but the picture's alt title says "Wait for it.". I waited but nothing happened (tried in Opera and IE9), so I took a look at the page…
Igor Skochinsky
8 votes, 1 answer
String extraction from an iNES ROM dump
I want to extract the strings in Shadowgate for NES. I ran file on the image and then strings; no luck. I found some information about the NES cartridge file format. The docs mention the use of "Name Tables". Is there a way to disassemble this file…
user3094