Most Popular (1500 questions)
7 votes, 1 answer

Reverse-engineering a tough-to-crack video game save-file checksum

Been trying to figure this one out for a while now, and would be eternally grateful for anyone with more experience in checksum algorithms lending a hand. I've been trying to alter save files for an old Playstation 2 game for a long time now.…

asked by Erik Elgerot
7 votes, 1 answer

Problem while debugging with gdbserver in IDA Pro

I'm new to debugging with IDA Pro and I ran into the problem that my breakpoint is not hit while attempting to debug with gdbserver. The program is written by myself and it is simple to debug with gdb. Can someone please help me regarding debugging…

asked by Benny
7 votes, 2 answers

GUI for transforming Java Bytecode based on decompiled source?

Okay. So I've just come up with the most amazing program for Java developers and reverse-engineerers and I was wondering if something like the following program already exists: What I'm thinking of is like a middle-ground between something like…

asked by Taconut
7 votes, 4 answers

Disassemble using an emulator

I learned the disassembly challenges from this link. The following six challenges are listed in that article: data embedded in the code regions; variable instruction size; indirect branch instructions; functions without explicit CALL sites within the…

asked by ZillGate
7 votes, 3 answers

How to strip more than symbols?

I've noticed that, even after stripping symbols from my executable, class names and their methods are still included at the end of the executable file. For instance: #include using namespace std; class Clingons { public: void…

asked by user2005
7 votes, 2 answers

What's the difference between a disassembler, debugger and decompiler?

I have heard of disassemblers like IDA and debuggers like OllyDbg but honestly, when you give both of them a binary file they give me the assembly code. I know that the decompiler gives the source code if you provide it a binary. However, I don't…

asked by Pervy Sage
7 votes, 2 answers

What is the meaning of kernel32.BaseThreadInitThunk?

I tried to analyze a program in assembly using OllyDbg. In the first line I have the following: MOV EAX, DWORD PTR FS:[0] In the register window, I've got the information: EAX 7570EE0A kernel32.BaseThreadInitThunk and in another window about FS…

asked by user3097712
7 votes, 3 answers

Reliable algorithm to extract overlay of a PE

I write a Portable Executable (PE) library that also provides a way to find the starting offset of the overlay (appended data to the PE that is not mapped into memory). My algorithm for finding the overlay offset looks like this so far: public long…

asked by Karsten Hahn
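The usual approach to the question above, as an added example that is not the asker's Java code or the library it describes: the overlay begins at the highest file offset covered by any header or section raw data (PointerToRawData + SizeOfRawData), clamped to the actual file length so a truncated sample does not yield a negative overlay size. The Authenticode certificate table is reported separately, because its data directory entry holds a file offset rather than an RVA and a signed binary's certificate sits in the overlay by design. The `build_sample_pe` helper fabricates a minimal PE32 header skeleton (two 0x200-byte sections, file alignment 0x200) purely so the code runs offline; it is constructed test data, not a real executable.

```python
import struct

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def _data_directory_base(data, opt):
    """Return (offset of NumberOfRvaAndSizes, offset of first data directory) for PE32 / PE32+."""
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:
        return opt + 92, opt + 96
    if magic == 0x20B:
        return opt + 108, opt + 112
    raise ValueError("unsupported optional header magic 0x%x" % magic)


def pe_overlay(data):
    """Return (overlay_offset, overlay_size, security_dir).

    overlay_offset is one past the last file byte covered by the headers or by
    any section's raw data; everything after it is the overlay. security_dir is
    the (file offset, size) pair of the Authenticode certificate table, which
    lives inside the overlay, so the caller can decide how to treat a signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    sect = opt + opt_size
    size_of_headers, = struct.unpack_from("<I", data, opt + 60)
    end = max(sect + nsec * 40, size_of_headers)       # headers are mapped too
    for i in range(nsec):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect + i * 40 + 16)
        if ptr_raw == 0 or size_raw == 0:
            continue   # uninitialised-data section (.bss): no bytes in the file
        end = max(end, ptr_raw + size_raw)
    end = min(end, len(data))   # truncated file: never report a negative overlay
    nrva_off, dd = _data_directory_base(data, opt)
    nrva, = struct.unpack_from("<I", data, nrva_off)
    security = (0, 0)
    if nrva > 4 and dd + 5 * 8 <= sect:
        security = struct.unpack_from("<II", data, dd + 4 * 8)  # IMAGE_DIRECTORY_ENTRY_SECURITY
    return end, len(data) - end, security


def build_sample_pe(overlay=b"", security=(0, 0)):
    """Constructed PE32 skeleton for the demo (headers + two sections); not a runnable executable."""
    file_align = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)     # i386, 2 sections, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 32, 0x1000)               # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)           # FileAlignment
    struct.pack_into("<I", opt, 60, file_align)           # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, *security)   # security directory (file offset, size)
    sections = [(b".text", 0x1000, 0x200, 0x200), (b".data", 0x2000, 0x200, 0x400)]
    hdrs = b"".join(
        struct.pack(SECTION_HEADER, name, size_raw, va, size_raw, ptr_raw, 0, 0, 0, 0, 0x60000020)
        for name, va, size_raw, ptr_raw in sections
    )
    header = (dos + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(file_align, b"\0")
    body = b"\xcc" * 0x200 + b"\0" * 0x200                # raw data of .text and .data
    return header + body + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"demo overlay")
    print("overlay at 0x%x, %d bytes, security dir %r" % pe_overlay(blob))
```

Run it against a real file with `python pe_overlay.py some.exe`. Two caveats a library should document: a packer may write SizeOfRawData values that are not FileAlignment multiples or that extend past the end of the file, which the clamp above turns into "no overlay" rather than an error, and a non-zero security directory means part (or all) of the reported overlay is the digital signature rather than attacker-appended data.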
7 votes, 2 answers

What skills, other than practice, should I acquire to be good at reverse engineering software?

What would help me to improve myself? What subjects should I study and learn that would increase my ability to be better at reverse engineering software? i.e. calculus, integration?

asked by Suhaib
7 votes, 2 answers

Difference between 'add' and 'adds' in ARM assembler?

I am starting to look a bit more precisely at ARM assembler and I looked up some dumps from objdump. I saw a lot of instructions (add is not the only one) with an extra s at the end (adds, subs, ...). I looked a bit at the ARM documentation and it…

asked by perror
7 votes, 1 answer

Recursive traversal disassembling with Radare2?

I am trying the recursive traversal disassembler of the radare2 tool. But, I cannot use it properly. First, according to the radare2 manual, we can use the recursive traversal disassembler by using pdr: [0x00404890]> pd? Usage: pd[f|i|l] [len] @…

asked by perror
7 votes, 1 answer

Recovering original PE sections after Themida merges them

Visual C++ produces binaries with .code, .rdata, and .data sections (in that order). Themida merges all three into a nameless section, which is detrimental to analysis. In particular, I want to run the Extra Pass plugin for IDA on a dump from memory…

asked by higaki
7 votes, 2 answers

Virus uses a custom XOR encryption and need help possibly cracking it / Reversing EXE

As stated in my previous question, I was infected by an encrypting virus that encrypts two 1024-byte blocks of any given file (first 1024 and last 1024) in some type of custom CFB XOR encryption. I was able to get my hands on a decrypter that…

asked by user3546043
7 votes, 2 answers

How do I view external function calls in dynamically linked ELF binary in linux?

I used the file command in Linux to get information about a binary file. I am also looking for the addresses that these calls are located at. I think I can get this information from GDB or objdump but I am not very good with Linux commands and…

asked by user4466
7 votes, 1 answer

What safety steps are to be followed when opening up an unknown piece of hardware?

I recently found a plastic box with various dials and unknown sockets on it, in my Grandfather's attic. It is around 12"x8"x4". From the plastic, it appears to be of 1980's vintage. I asked around, and no one knows what it is. What safety…