Most Popular
1500 questions
6
votes
0 answers
How to create HexRays variables in IDAPython correctly?
Let's assume we have a function which has the following variables in it:
Local variables on stack of different types, including types defined in local types window
Local variables of different types mapped to registers
Function parameters of…
w s
6
votes
3 answers
Use Android Shared library (.so) files in Linux
I decompiled an APK file, and that program has native code in a .so file.
I want to use that .so file in Linux in order to use inline functions.
These codes have functions to connect to a server and perform encryption/decryption on the data…
IrajTaghlidi
6
votes
1 answer
Call to an imported function in a PE file: Why is destination prepended with ds (call ds:func_name)?
In Windows PE files (32 and 64 bit), calls to imported functions look like this in IDA Pro:
call ds:SetEvent // default setting
call [ds:SetEvent] // Target Assembler set to TASM
I understand what it does (indirect…
langlauf.io
6
votes
2 answers
Are there any active IRC channels for RCE discussion?
I enjoy idling in programming related IRC channels so I can research any topic which catches my interest. I have checked the channels for a few forums that I browse, but I can't seem to find an active community. What are some active RCE related…
question_asker_777
6
votes
1 answer
Use of SSA (Single Static Assignment) while dynamic analysis
I have read that dynamic instrumentation can be done using tools like PIN or Valgrind. However, Valgrind provides intermediate representation and converts the binary into SSA which makes it more convenient to perform binary analysis. Could anyone…
user1004985
6
votes
2 answers
How can I sync structs across multiple IDA databases?
I am reversing a few modules which share many C++ classes. I am currently maintaining a single header file which contains every struct definition from each database. I update this using a produced header file after working on a module. I then…
question_asker_777
6
votes
1 answer
what's the function of LODWORD and HIDWORD?
I'm trying to figure out what this piece of code does exactly:
LODWORD(fMax) = *(_DWORD *)v12;
HIDWORD(fMax) = v13;
I was reading the definition in IDA\Plugins\defs.h, but I don't understand what it does exactly to redo the same thing on…
Criss Moreyra
6
votes
2 answers
Unknown Mac OSX 10.10 HFS+ compression
I'm trying to decompress a Mach-O binary which has been compressed using one of the compression algorithms in Mac 10.10's HFS+ implementation. Basically the file has the "com.apple.decmpfs" attribute on it, which says that it is compression type 8.…
Luke Quinane
6
votes
1 answer
Is it possible to find static pointer with disassembler?
I found an assembler instruction: mov [esi+2F],dl. I think ESI is a reference to a struct or class. 0x2F is the offset that references a property of the struct/class. Is it possible to find the value of the ESI register? I think this class or struct…
tested
6
votes
1 answer
Work out if a firmware is dumpable/writeable through USB?
I'm looking to find out if a firmware of a device is readable and potentially writeable. The device has a USB port and other devices by this manufacturer have had firmware updates (through USB) so it's within the realm of possibilities this is…
jblz
6
votes
1 answer
A wiki for IDA?
Everyone knows the state of IDA's documentation... There is a bit of info in idc.idc and the SDK headers, there's Chris Eagle's book (which predates quite a few advances in IDA), and there's the occasional juicy tidbit in the blogs of Ilfak, Igorsk,…
DarthGizka
6
votes
2 answers
Extract files from a bin firmware
I have a firmware image that is used for flashing a BMW NBT navigation system that I want to research. I did a binwalk on the file (dump below).
I want to extract the individual files, especially the ELF files and the LZMA compressed files. Can this…
Remko
6
votes
1 answer
Recompiling/optimizing redundant code to make analysis easier
I'm analyzing an application created with Borland Delphi but the poor quality of the object code makes analysis difficult and tedious. The code is so convoluted and inflated with superfluous instructions that it is very hard to make out what a given…
Eric
6
votes
1 answer
Reversing simple message + checksum pairs (32 bytes)
I am trying to determine the algorithm behind a 32-byte protected section of memory on a big-endian system. It will render invalid if even a single bit is changed, but I can generate any number of valid 32-byte messages.
Here shows a variety of…
bryc
6
votes
1 answer
Is not valid win32 application. Why?
I'm now developing an unpacker and have reached the testing stage. Sometimes I get a message which says that the unpacked file is an invalid Win32 executable; however, it is not informative.
I would like to ask if there is a tool which identifies the reason why Windows…
ST3