Highest Voted Questions - Reverse Engineering Stack Exchange

8

votes

1 answer

Illegal Instruction exploiting sample Buffer Overflow code

Some days ago I coded a simple code to test a buffer overflow exploitation on x86 system. In order to keep it simple I disabled ASLR and NX so there are no protection that could cause weird behaviours. This is my C code to exploit: #include…

asked Nov 01 '13 at 19:26

Nucklear

725
2
8
17

8

votes

1 answer

Determining communication protocol

I have two chips that are connected using two lines. One appears to be the clock line (50% duty cycle), but it doesn't have to be (sometimes constant high). The other line appears to be totally random, but still digital. It might be data. There is a…

asked Mar 26 '13 at 18:11

user187

8

votes

3 answers

How can I clean up strings built at runtime (stack strings)?

How can I clean up/simplify strings that are built at runtime? I've seen this a couple of times and figured that there has to be something easier. I've been manually converting the characters to try and interpret what strings are being…

asked Oct 29 '13 at 16:48

phoenix89

83
3

8

votes

2 answers

Adding Backlink for XREF in IDA

I have an indirect call to a function. I traced the program and added the target to the xref, so this works fine. The problem is though, that on the position where the call is, there is no link shown. I thought, that, when I add an XREF, both…

ida

asked Oct 20 '13 at 08:37

Devolus

963
1
10
21

8

votes

4 answers

Deal with obfuscated assembly

When using objdump I see the following disassembled code: 8049436: 89 04 24 mov DWORD PTR [esp],eax 8049439: e8 52 f7 ff ff call 8048b90 804943e: 89 44 24 24 mov DWORD PTR…

asked Oct 15 '13 at 19:49

Mew

183
4

8

votes

2 answers

Determining RS232 bus settings

I have a device with two chips without part numbers. It looks like their using RS232 for serial communication (proper setup, right voltage), but I do not know the bus settings (speed, parity, etc.). Is there any way to determine the bus settings…

asked Mar 26 '13 at 16:48

user187

8

votes

1 answer

IDA Plugin writing generic questions

I am trying to write a plugin for IDA PRO, mainly because I want to use the nifty graphing feature on a custom intermediate language. After the first look at the IDA plugin system, I am a little lost. Before I dig deeper, I have some generic…

asked Oct 05 '13 at 16:13

bernd feinman

463
1
3
10

8

votes

2 answers

How to Attach debugger or start analysis of process that is debugging itself?

I need and advice on how to start an analysis, connect with debugger to a process that is already debugging itself. Are there any tools/plugins/techniques that might help during the analysis? UPDATE If I connect to the parent process with a debugger…

asked Sep 29 '13 at 15:29

PhoeniX

3,052
16
30

8

votes

1 answer

Reversing DLink DIR100 firmware

I'm trying to extract this firmware but I'm running into some issues. The first lecture of the firmware with binwalk shows this: DECIMAL HEX …

firmware

asked Sep 24 '13 at 08:58

Nucklear

725
2
8
17

8

votes

2 answers

How do I determine the length of a routine on ARMv7?

I am disassembling and reverse engineering the logic of an assembly routine written in ARMv7 (hope I'm using the right terminology, as I'm a newbie for this particular processor). In doing so, I came across this site: Introduction to ARM. In order…

asked Sep 23 '13 at 03:14

chuacw

273
2
8

8

votes

1 answer

Reverse engineer a proprietary save/file format structure

I am working on automating some functionality within a closed-source third party application; I want to automate the creation of "Project Files" (in its simplest form, just a collection of video files in a specific order). The video files which this…

asked Sep 20 '13 at 19:58

araisbec

183
4

8

votes

3 answers

Find a string that I entered in ollydbg

Say, there's an input box and I enter a text. Can I somehow find the location that text is entered?

ollydbg

asked Sep 16 '13 at 18:04

aclowkay

413
2
4
7

8

votes

3 answers

Hauwei E586 firmware

I'm working on unpacking Hauwei E586 MiFi firmware. I downloaded firmware update pack which is available as Windows EXE, then used Hauwei Modem Flasher to unpack real firmware from installer. I've got 4 files: 01.bin: data 02.bin: ELF 32-bit LSB…

asked Sep 07 '13 at 10:57

pbm

231
1
10

8

votes

1 answer

Getting IDAPro to analyse part of memory as PE-File

I am using Qemu with its internal GDB server to attach IDA Pro to an instance of Windows 8 x64. There are some problems to solve, because when I am connecting to the GDB server, I am just seeing a bunch of memory. Detecting the ntoskrnl.exe base…

asked Sep 06 '13 at 05:23

defragger

536
4
7

8

votes

1 answer

Can I set entry point at code in PE headers?

If I set something like 0x00000040 (my code is located at this address), then the program crashes with this error: The application was unable to start correctly (0xc000007b) But if I jmp from the code section to 0x00400040 then it works. Why did I…

asked Aug 25 '13 at 12:08

edhoklorf

81
3

Most Popular