Most Popular

1500 questions
7
votes
1 answer

Attaching gdb to hidden library/process

On OSX I'm trying to debug/attach to a framework that the application unarchives at runtime. The framework normally resides in the /Resources folder within the application bundle as a .gz file. The problem I'm having is that the framework doesn't appear…
Joe Habadas
7
votes
3 answers

Special Properties of Delphi (Object Pascal) Executables

While reading some threads on other reverse engineering forums, I learned that executable programs compiled in Delphi have special properties. I'm not sure what those special properties are but I think it somehow makes them harder to reverse…
Penguin
7
votes
1 answer

Unusual x86 switch statement?

I have come across the following x86 (Built with some version of Visual Studio AFAIK) switch statement: 0x1009E476 cmp edx, 0x3B 0x1009E479 jnz switch_statement switch_statement: 0x1009E591 movzx ecx, byte [indirect_table+edx] 0x1009E598 jmp…
QAZ
7
votes
1 answer

Reverse engineer compressed iOS app file

I want to find out the compression method used by an iOS app used for music notation to store its files. The files of its OSX counterpart are zipped files. You cannot create files in the iOS app, but you can upload them using the desktop application…
Dimitris
7
votes
2 answers

What is the difference between Digital Forensics and Reverse Engineering?

I am not able to understand the exact difference between Digital Forensics and Reverse Engineering. Will Digital Forensics have anything to do with decompilation, assembly code reading or debugging?
Pranit Kothari
7
votes
4 answers

Tracing to a function during debugging?

I am trying to find an encryption algorithm for a game client, but I need to find the actual register/stack in the client before I can decrypt/encrypt the packets correctly (on my emulated server side). The problem is that I have no idea how to find…
bibs
7
votes
4 answers

PDB v2.0 File Format documentation

Where can I find such information? I've already read the Undocumented Windows 2000 Secrets explanation of it but it isn't complete. For example the 3rd stream format isn't explained. I have looked at this, where some general info about the streams…
sasho648
7
votes
3 answers

Dump Flash Memory with SPI from SPANSION FL016KIF

I have a SPANSION FL016KIF (pinout on p.12) on a board and I want to dump the data. I try to use the BusPirate v3 for that. I want to do this in-circuit. I didn't connect WP# and HOLD#. This is the command transcript I used to set it up (I also…
samuirai
7
votes
3 answers

Why are there (sometimes major) differences between java source code and its decompiled result?

I compiled some [relatively complex] Java code into a .class file, then used jad to decompile it back into java. Of course, the code was obfuscated, which was to be expected. However, given that I had the original code, I thought I'd be able to look…
JMcAfreak
7
votes
2 answers

How should I go about trying to figure out the programming language that was used?

I have an executable file and I would like to figure out which programming language the source code was written in. The first step would be to use a disassembler. What should be done after that? Also, I read that determining which libraries are…
asheeshr
7
votes
1 answer

Is there documentation on the Ghidra 9.1 SleighDevTools?

I am working on adding a processor to Ghidra (I have no idea what I'm doing, just working my way through based off the documentation). I've seen SleighDevTools mentioned in the 9.1 release as being "support of processor module development", which…
Heiko
7
votes
1 answer

Is it possible to load multiple files into a single Ghidra memory map?

1980s arcade video games generally had multiple ROM chips. I suppose these often mapped into a single address space and often may have been bank switched in and out of sections of a single address space, and often a mix of the two. Conceptually…
hippietrail
7
votes
3 answers

Reverse engineering a VC++ video game

So I know x86 machine language and the C++/C languages. In the last weeks I've dedicated myself to learning Windows internals and especially the PE format. My target is retrieving the Tomb Raider The Angel of Darkness source code files. This is a 3D video game released…
sasho648
7
votes
2 answers

Accessing Data Marked as Alignment Bytes in IDA

Some compilers will add useless bytes in functions or in between functions. In the below block of code at 0040117C we can see the "align" keyword that was inserted by IDA. .text:00401176 mov eax, [edx+4] .text:00401179 …
alexanderh
7
votes
1 answer

Using MIPS EJTAG functionality in OpenOCD

I am trying to use the OpenOCD functionality of a BusBlaster to debug a MIPS target. However, it doesn't look as though my target MIPS chip is defined in the list of sample target chip configurations - in my directory for OpenOCD, version 0.7.0, I…
dingo_kinznerhook