Most Popular
1500 questions
7 votes, 1 answer
Seeking an explanation of “in_FS_OFFSET” and “__stack_chk_fail()”
This is part of the picoCTF 2019 problem "Investigative Reversing 0". I encountered the following code when using Ghidra:
if (lVar1 != *(long *)(in_FS_OFFSET + 0x28)) {
/* WARNING: Subroutine does not return */
…
charlie
7 votes, 3 answers
What is this obfuscation method called?
I have recently seen the following code obfuscation method:
...
jump loc_1234
;-------------------------
Bunch of junk
;-------------------------
loc_1234:
code continued...
The logic behind the obfuscation mechanism looks pretty…
PSS
7 votes, 1 answer
Setting GDB watchpoint on a string
I am attempting to reverse engineer a 32-bit stripped, dynamically linked ELF executable. I want to know when a specific string is printed to the console. I ran the following command:
root@testbox> strings -a --radix=x binfile | grep -i reset
d38c4 …
Compster
7 votes, 3 answers
IDA Pro function stack frame view
IDA Pro displays a certain buffer or padding above (at lower addresses than) local variables in the stack frame view. For instance:
Example 1.
The following screenshot of the stack frame view shows a 12-byte buffer (inside the red box):
Example 2.
The…
PSS
7 votes, 2 answers
Remote debugging with IDA and GDB
Recently I've run across an ELF file that I would like to debug using IDA. I've used GDB for basic debugging but I would like to utilize IDA. I've been researching for a while and can't seem to find a good tutorial. I understand how to set IDA up…
RE Noob
7 votes, 2 answers
CPU support by Ghidra
Where can I see all the CPUs supported by Ghidra?
Does Ghidra support more CPUs than IDA Pro?
Ghji
7 votes, 2 answers
Making Visual C++ harder to reverse engineer
This is similar in nature to this question and this question; I'm interested in which compiler settings to enable/disable to make a Visual C++ binary harder to reverse engineer.
Here are a few compiler flags I've already got which I believe should be…
Sticky
7 votes, 3 answers
Patching a .NET 4.0 Binary in Olly or CFF Explorer
I have a challenge compiled in C# .NET 4.0. I can see the source completely fine in Reflector. I'd like to change the source. I guess I do this by patching some bytes in the binary.
The problem I'm facing is when loading the binary in Ildasm.exe I…
4r4r4r
7 votes, 1 answer
Ghidra does not display whole strings
It's pretty annoying. I think I might have changed some setting somewhere.
Here's a screenshot of what I'm talking about. See all those "..." ?
How do I turn that off?
user29223
7 votes, 3 answers
Reverse Engineering Managed Code
Is reverse engineering managed code from .NET easier or harder? I think it might be Java bytecode that can be easily converted back into source code. Is managed code from .NET similar, and why?
zer
7 votes, 1 answer
GDB Error "Too many array elements"
I'm trying to understand a very basic stack-based buffer overflow.
I'm running Debian wheezy on an x86_64 MacBook Pro.
I have the following unsafe program:
#include
#include
CanNeverExecute()
{
printf("I can never…
Noé Malzieu
7 votes, 2 answers
Ollydbg target runs automatically
I have a target that automatically runs after I load it into OllyDbg. That is, it doesn't stop at the entry point but continues to execute, and at some point it pauses and I have to press Shift+F9.
Is there any way to debug it?
Arunabh Ray
7 votes, 3 answers
Elf x86_64 adding function
I'm trying to see if I can append function code to the .text section of an ELF while still maintaining the execution flow of the original ELF. Ideally, I want to call the new function, but that's its own mountain to climb. I'm more concerned with…
stayge
7 votes, 1 answer
How can I figure out the device memory map for an embedded system?
On many embedded systems, a great deal of communication with devices is done by reading and writing to memory-mapped I/O (MMIO) addresses in software. Supposing that I have access to the physical device, and a copy of the firmware that I can load in…
Brendan Dolan-Gavitt
7 votes, 2 answers
Is there a way to recover macros from compiled code?
I've been thinking of reversing some firmware I have lying around. One characteristic of the firmware is that it is compiled using lots of pre-processor macros. Now, as I understand it, these are not included in the binary, so a decompiler cannot…
MrSynAckSter