Highest Voted Questions - Reverse Engineering Stack Exchange

7

votes

2 answers

How does Windows SafeSEH mechanism work?

How does Windows SafeSEH mechanism work? I understand how the overwriting SEH exploitation technique works. I do not quite understand how the SafeSEH mechanism works preventing this technique from working. This question is about inner workings of…

asked Nov 10 '15 at 15:44

golem

211
2
6

7

votes

1 answer

When to use OllyDgb over Immunity Debugger

I have always been curious when I should use OllyDbg over Immunity Debugger. Immunity Debugger has inherited code from OllyDbg and can perform scripted debugging with Python. Interestingly enough, most of the times I do a Google search for a reverse…

asked Nov 09 '15 at 01:43

itsbriany

440
1
5
10

7

votes

1 answer

How to find WndProc using x64dbg?

I'm trying to find a WndProc from explorer.exe that is handling these messages, I've found with Spy++: <000001> 00000000000B01C8 P message:0xC02B [Registered:"SHELLHOOK"] wParam:00000025 lParam:000F0184 <000002> 00000000000B01C8 P message:0xC02B…

windows

asked Oct 29 '15 at 17:43

Ciantic

173
1
5

7

votes

1 answer

How to debug (like gdb) with radare2?

I am new to radare2 and Linux. I got problem with r2. As the title states it, many tutorials, articles, videos about r2 are just about disassembling programs, and read assembly codes. But, I want debug my programs. I search on the web and on…

asked Oct 29 '15 at 14:50

hachzz

81
1
1
3

7

votes

1 answer

Adding a toolbar to IDA using PySide

So i'm trying to add a custom toolbar to IDA 6.4 using their PySide download and the IDAAPI. I've tried adding a toolbar by just creating one but since it doesn't have an exec_() method I can't get it on the screen and it looks like I need to be…

asked Oct 27 '15 at 11:28

James

193
5

7

votes

4 answers

How to view strings in an executable?

I have been playing around, searching for Strings "Please wait!!!" "Done!!" Then I didn't find them in a Debugger so somebody suggested BinText can do the job, so I found this File pos Mem pos ID Text ======== ======= == ==== …

patch-reversing

asked Oct 20 '15 at 10:29

Candice

81
1
1
3

7

votes

1 answer

What is the meaning of the ".debugxxx" segments in IDA Debugger?

When I debug an application inside the IDA Debugger, sometimes I get referenced to a .debugxxx segment. What are those segment ? Heap allocations ? If so, why are they called .debug ? Also, even if I stop the debugger at the entrypoint of my…

asked Oct 14 '15 at 08:12

David229

73
3

7

votes

4 answers

Change block/node color with idapython

How can I change color of node (or block?) with idapython? I know about SetColor, but this function does not work with blocks/nodes. EDIT: Solved, see the code snippet below. def get_bb_id(graph, ea): for block in graph: if…

idapython

asked Aug 20 '15 at 10:54

DOD

191
1
8

6

votes

1 answer

How to get current PHP function name in gdb?

I'm following these steps to locate the current PHP function call as below: Run dummy script: $ gdb -ex run --args php -r "sleep(10);" Pressed Ctrl+C to get back to gdb to run: (gdb) bt full #1 0x00007ffff6007dd4 in __sleep (seconds=0) at…

asked Aug 05 '15 at 11:26

kenorb

485
1
8
23

6

votes

1 answer

How to apply IDA structure to a pointer of a structure

I've encountered this function, which accepts a pointer to what I believe is a custom C struct. I came to this conclusion based on subsequent access to it. arg_0= dword ptr 4 ;struct passed in push ebx push ebp mov ebp, [esp+8+arg_0] …

asked Jul 28 '15 at 20:19

vincentleest

205
3
7

6

votes

1 answer

Reconstruct control-flow graph from x86 instruction trace

Can anyone suggest a free and preferably open source software tool that can reconstruct / build / generate a control-flow graph from a set of x86 execution traces of the same program? I found an interesting paper on this topic. However, I could not…

asked Jul 16 '15 at 15:21

Benny

828
7
18

6

votes

1 answer

Finding address from function name

By checking the human-readable strings in my target application, I found several interesting function…

asked Jun 18 '15 at 00:16

Juicy

275
5
9

6

votes

2 answers

Offset calculation for branch instruction in ARM

As the title says, how to calculate offsets for branch instructions? For example i have following assembly code, 0x60ECE B loc_60EE6 ; ; ; 0x60EE6 LDR.W R2, #0x123 Hex code for location 0x60ECE is 0A E0. i want to know how it is calculated.…

asked Jun 08 '15 at 12:42

user2578525

165
1
1
5

6

votes

2 answers

Ida Pro: parsing complex operand expression using IDAPython

Say given the following line in Ida Pro: mov [rsp+3F8h+var_3F8], 0 How can I parse and access the items inside the [ ]? What I tried: idc.GetOpnd(addr, n) # returns a string '[rsp+3F8h+var_3F8]' idc.GetOperandValue(addr, n) # returns…

asked Jun 01 '15 at 14:00

langlauf.io

1,560
1
19
36

6

votes

0 answers

How does my S62 engine utilize MAF sensors to convert voltage to mass flow?

We're trying to solve a puzzle on one of the automotive forums regarding how the BMW S62 engine utilizes its two MAF (mass air flow) sensors to determine the air mass flow entering the engine. This sensor is critical for correct engine operation and…

asked May 18 '15 at 19:00

Zaid

111
3

Most Popular