Highest Voted Questions - Reverse Engineering Stack Exchange

7

votes

1 answer

Calling fgets while debugging under IDA Linux

I have _fgets call in a program I want to debug in IDA. My program receives SIGTTIN while calling it, that's normal. But when I mark to pass SIGTTIN to application, program waits for input in terminal, but neither pressing Enter key, nor Ctrl-D stop…

asked Nov 29 '13 at 22:08

michaeluskov

171
3

7

votes

4 answers

Secure RE-ing a PHP script

I have a very messy PHP script of which I need to determine the function. I can't quite understand the code, it's really messy. Now I thought that I perhaps could reverse engineer this script. What I want to do is to run this script (eventually with…

asked Mar 27 '13 at 08:23

user187

7

votes

1 answer

Is there a way to set the number special purpose registers in IDA pro with a script?

IDA has this nifty habit that when it doesn't know what a special purpose register is, it just drops in the number of the register instead. While this is all well and fine, I'd like to be able to correct these items in my database. I know I can just…

asked Nov 14 '13 at 15:43

Wyatt

71
5

7

votes

1 answer

Struct with negative offset in IDA possible

I have a structure which looks like this: RefString struct RefCount dd ? StrLen dd ? CString db... RefString ends When the code passes around a pointer, it doesn't point to the beginning of the struct (RefCount), instead it…

asked Oct 31 '13 at 11:39

Devolus

963
1
10
21

7

votes

2 answers

Which instrument is effective in discovering carrier frequency?

If two devices have wireless interconnection, how to detect carrier frequency? Range may vary in all radio, from FM, GSM to Wi-Fi and WiMax. Which tools are effective for doing this? Which one is economical to use? This question like a first part of…

asked Oct 30 '13 at 12:14

polar bear on the white snow

249
1
5

7

votes

1 answer

How to perform SIGTRAP emulation with GDB?

I am trying to analyze a crackme file. When I open it with gdb, I firstly set its SIGTRAP handler with, e.g., int80.SIGTRAP handler address 0x8011111. I caught it through catch syscall signal in gdb. And, there are some traps in the application,…

asked Oct 29 '13 at 17:03

Eren Yagdiran

171
2

7

votes

3 answers

Paste hex bytes into IDA Pro Hex View

Is it possible to paste a series of bytes into hex view of IDA? Say I have a large buffer I need to fill with a specific value, and I have it in the form most hex editors output... 0A AB EF FF 00 01... is there some quick way to write this value to…

asked Oct 24 '13 at 09:15

Ditmar Wendt

547
1
7
15

7

votes

2 answers

How to find file compression or obfuscation type

The program I'm trying to decompile uses several supporting files: somesound.mp3 someimage.jpg etc.. The files are all located in the file system, not embedded into the exe. The files are used at runtime for the game images and sounds. If I try…

asked Oct 15 '13 at 16:57

Drahcir

171
1
5

7

votes

1 answer

Inserting resources.properties file into an APK - language compatibility

I'm reverse engineering an android application. It's been a while since I've poked with this but I"m having an issue editing the APK to deal with some language areas. The original app is from a different country. When decompiling and recompiling,…

asked Oct 12 '13 at 19:11

Fewmitz

1,022
5
16

7

votes

1 answer

How to extract the input file offset of a byte in idapython?

For every selected byte Ida Pro displays the offset in the input file where the byte can be found (displayed in the buttom bar of the Ida-View and the Hex-View). How can I retrieve this information when using the idapython API?

asked Sep 25 '13 at 13:35

Christopher Mann

73
1
3

7

votes

3 answers

unpack Clear spot .bin firmware update

I am trying to unpack a clear spot firmware update The firmware I am trying to reverse can be found on the download page of the vendor I have used the fwtools to unpack the firmware as described on this page. After I did this, I managed to get a…

asked Sep 16 '13 at 22:56

Ahmed Rhuma

71
1
5

7

votes

1 answer

Patching PE File - Adding data

After opening a PE file with a disassembler, I know which instructions I have to patch. And if I have to add some data I can adjust the PE file structure manually so that it gets parsed correctly and executes. Example, Replace EB 1C with E9 1C…

pe

asked Sep 14 '13 at 06:57

Zingaro

73
3

7

votes

1 answer

Read a struct from memory

I'm trying to load a struct defined in a program that i'm reading the memory of, so I can use it to define objects in my python debugger (in windows). What format do structs take in memory, and what information can i get from finding the struct. Is…

asked Sep 14 '13 at 06:29

yarbelk

173
5

7

votes

1 answer

Why can C# applications be reverse-compiled with variable names while C++ ones can't?

Why can programs written in C# be reverse-compiled essentially to their original form with variables names (such as dnSpy) while C++ decompilers (such as Ghidra) are unable to decode the variable names?

asked Apr 06 '21 at 02:45

Polydynamical

173
1
7

7

votes

3 answers

What is the Ubicom32 toolchain and where can I find it?

I am currently reversing firmware for some device. Without any issues I was able to reach deep into its core and extract the file-system. Now I was trying to reverse some of the special applications on this device. After checking the file format I…

asked Aug 31 '13 at 11:21

Stolas

2,331
14
34

Most Popular