Most Popular
1500 questions
7
votes
2 answers
How are obfuscators detected?
I'm guessing that tools like PEiD detect packers by looking for signatures inside the packed binary and by measuring the entropy. Is there any other work that tries to determine if a binary is obfuscated in some way based on some property of the…
user1743
7
votes
2 answers
How to set a breakpoint at the specific location on the stack in OllyDbg
Is there any way to set a breakpoint at the specific location on the stack in OllyDbg?
I have some value (argument of the function) on the stack and I want to break on every memory access at this location.
Thanks in advance.
FrozenHeart
7
votes
2 answers
"Debugged application has modified the debugging registers" with ollydbg 2.01
I have the following problem. When I open a sample with ollydbg v2.01, then I get that message here:
Debugged application has modified the debugging registers.
Maybe it called ZwContinue() or SetDebugContext().
The modifications are saved to the…
user3097712
7
votes
1 answer
Unknown decompression algorithm
I work on the reverse engineering of the ChessBase archive (.cbv).
I found the general structure of the file and can already decompress some files.
You can see my current work here.
However, some .cbv files that are bigger seem to use a second…
antoyo
7
votes
1 answer
Reverse engineering Devolo firmware
I am trying to do some reverse engineering to a Devolo dlan wifi 500 device (MIPS architecture). My objective is to put there some firmware modified by me.
This is where I got so far:
Downloaded a firmware update from…
Camandros
7
votes
2 answers
How to get image base of current setting through script in IDA Pro?
As a beginner I'm trying to disassemble a file with IDA Pro 6.5.
I know that the image base can be found in the IDA Pro menu Edit -> Segment -> Rebase program.
Now, I want to get the image base of current setting through IDC or IDAPython. Are there…
user6903
7
votes
2 answers
Unpacking UPX packed (possibly scrambled) executable
I've decided to reverse this crackme. Obviously it's packed. I was told by PEiD that there is only UPX inside. OK, but upx -d simply crashed, that's why I've concluded that this UPX may be scrambled somehow.
Binary didn't run properly in…
see ya
7
votes
1 answer
At the rpcrt4!NdrClientCall2 function - how does it know which pipe to use in order to transfer data to another process?
Hey, I have a very time-consuming problem, and I thought I might find someone here with better experience than mine that could help me out.
I am reverse-engineering an application which at some point uses the NdrClientCall2 api to use a remote…
0xAK
7
votes
2 answers
Reverse engineering file containing sprites
I'm trying to reverse engineer a file that contains sprites. I want to extract the sprites out of the file. So far I've managed to find some kind of line end sequence, and with this I've been able to confirm that the sprites are in the file:
I'm…
DnDiene
7
votes
2 answers
Why would copying a micro SD card using dd fail to produce a bootable card?
I have an embedded device which is loosely based around an OLinuXino iMX233 design. This has a Freescale iMX233 microprocessor and boots from a socketed 2GB microSD card.
I wish to alter the filesystem, but also backup the filesystem prior to…
Cybergibbons
7
votes
2 answers
Importing C header file with memory location definitions
Bear with me as I am new to IDA and have not managed to find an answer to my question on Google or other related outlets.
I am reversing a firmware blob from an ARM device of which I have a C header file defining various memory locations as…
Thomas
7
votes
1 answer
Is it possible to force IDA to acknowledge unusual frame pointer deltas?
I keep coming across a compiling pattern that IDA doesn't automatically handle well. Consider the following example:
mov rax, rsp ; Set rax at the start of the function
...
lea rbp, [rax-5Fh] ; Shortly afterward, set rbp as the frame pointer…
user1354557
7
votes
3 answers
Reverse Engineering of data structures in games
I am currently participating in a reverse code engineering seminar for my studies in informatics: games engineering and was assigned the topic about "Identifying data structures". After an extensive talk with my supervisor we both came to the…
puelo
7
votes
1 answer
How to recover the exception info from .gcc_except_table and .eh_handle sections?
For C++ program with try catch defined, when using g++ to compile it into assembly code (test is on x86 32bit Linux, g++ 4.6.3)
g++ -S cppexcept.cc
A specified section called .gcc_except_table is produced like below:
.section …
lllllllllllll
7
votes
2 answers
How to recover information stored in .ctors section?
Test is on x86, 32-bit Linux. I am using g++ 4.6.3 and objdump 2.22
Here is a simple C++ code I am working on:
#include <iostream>
using namespace std;
int main()
{
    cout << "Hello World!" << endl;
    return 0;
}
When I compile it into assembly…
lllllllllllll