Highest Voted Questions - Reverse Engineering Stack Exchange

7

votes

1 answer

Is it possible to create data xrefs manually?

I have a binary with lots of indirect calls (call dword ptr [register + offset ]) the register is calculated with a simple math which I manage to statically calculate on my own (the call itself lead to some winapi calculated from the current…

asked May 30 '13 at 14:53

xrefsfrom

71
1
3

7

votes

1 answer

function call trace with radare2 or break on all function call

I want to script with python using r2pipe. Is there a way that when debugging I can break on each call function, thus I can get the parameter? What's more, I won't jump into system library. Or is there a way to do function trace, just in program's…

asked Apr 28 '19 at 14:06

SwordWorth

71
2

7

votes

1 answer

How do I import function signatures to Ghidra?

I'm working with an .exe which imports the old DirectX DLL DDRAW.DLL. The problem is, Ghidra doesn't know about it and shows all imported DDRAW functions as having no parameters. I know, I can edit functions to add the paramaters and define the…

asked Apr 26 '19 at 22:24

piotrek

171
1
1
3

7

votes

2 answers

Decode date and time in a sequence of binary data

INTRO I'm trying to reverse engineer a binary data file containing sms messagges. The file is named ems.idx4 and was created with a software named LG PhoneManager around 5 years ago as a backup archive of sms messagges for a LG mobile. I don't know…

file-format

asked May 26 '13 at 16:20

nimiq

101
1
5

7

votes

4 answers

Program with no dependencies

while reading the answers to Can I statically link (not import) the Windows system DLLs? I came up with another question. So: Is there a way to write a program that has no dependencies (nothing is statically compiled too - it has only my code) and…

asked May 24 '13 at 20:33

PhoeniX

3,052
16
30

7

votes

1 answer

Ghidra Control Flow Graph

Lately I'm using Ghidra and I don't find the API to get the control flow graph of a given function. Can someone help me? Thank you in advance. EDIT: it is different from the other question (link) because I'm asking for the API.

asked Mar 17 '19 at 20:28

Benny

73
1
1
4

7

votes

1 answer

How to export a working elf binary from Ghidra?

When patching a program and then using the export binary function, it turns the elf headers are corrupt. Is there any way to work around this problem?

asked Mar 14 '19 at 07:39

ghidra

71
1
1
2

7

votes

4 answers

Is there any tool for decompiling raw binary files to C code for the Motorola 68000 processor series?

I have the ROM dump (.bin files) targeted for the MC68008 processor. Need to convert them into a high level source code. I have already found tools for disassmbling them into assembly code. The next step is converting them to C code. But I could not…

asked May 23 '13 at 09:17

Vishu Mahajan

79
1
1
3

7

votes

2 answers

What's this assembly doing?

I have been trying to figure out the assembly for part of a DOS game and there is an operation that keeps getting called that uses all 4 registers. I can see what each line does but I can't for the life of me figure out what all the code together…

asked Feb 25 '19 at 17:07

Jez

185
6

7

votes

2 answers

Which operators use sal, shl, sar or shr

Which operators in C language would result in assembly commands such as sal, shl, sar or shr for example?

asked Jan 30 '19 at 17:11

PaHa

145
1
3
7

7

votes

1 answer

How does API call work on Android (NDK)?

In windows platform, an application usually references its IAT(Import Access Table) to get the address of the APIs it wants, then call it. Then some mechanisms are done as demonstrated here nicely. However, I cannot find out how API calls work on…

asked Dec 09 '18 at 14:36

KYHSGeekCode

341
4
13

7

votes

1 answer

Any ideas on how to decode Photoshop Liquify .msh files?

Photoshop's Liquify filter allows you to distort images interactively in many different ways. When you have distorted an image to your liking, you can save the mesh that represents the transformation in a .msh file. This transformation can then be…

asked Nov 23 '18 at 21:44

Nick Evans

71
2

7

votes

2 answers

Writing ELF headers in Radare?

Reading Keith Makan's, "Introduction to the ELF Format : The ELF Header", he modifies e_entry, The e_entry field lists the offset in the file where the program should start executing.Normally it points to your _start method (of course if you…

asked Nov 19 '18 at 22:06

Evan Carroll

1,779
1
18
50

7

votes

2 answers

Reverse engineering Windows Defender's signature for Metasploit Framework's metsrv.dll

As a pentester for a consulting agency, it is part of our job to "evade" antivirus after gaining code execution on information systems. It is indeed necessary to prove exploitation of vulnerabilities, as opposed to simply reporting them. If an AV…

asked Oct 24 '18 at 19:47

plowsec

143
8

7

votes

1 answer

Any idea how to decode this binary data?

I have binary data representing a table. Here's the data when I print it with Python's repr(): \xff\xff\x05\x04test\x02A\x05test1@\x04\x03@@\x04\x05@0\x00\x00@\x05\x05test2\x03\x05\x05test1\x06@0\x00\x01@\x00 Here's what the table looks like in the…

asked Apr 30 '13 at 19:57

bbigras

191
1
5

Most Popular