6 votes, 2 answers
IDA Pro 6.4 android_server processattach failed
I would like to ask if anyone knows how to solve the above-mentioned problem I encountered. I was reverse engineering an apk, and met a part where static analysis with IDA Pro is not enough, so I thought that I could use the android_server provided by…
csharpnewbie
6 votes, 3 answers
Fuzzing Adobe Reader - Exploit Development
I have been fuzzing Adobe Reader lately. I found a couple of bugs.
One of the major issues that I'm facing is listed below.
How to identify the root cause of the issue? I mean, the PoC has a large number of modifications and it's not easy to change…
john4tech
6 votes, 2 answers
How do Android reverse engineering tools extract packages/ package hierarchy present in Android apps?
I have been involved in disassembling Android apps using baksmali and dexpler. Whenever I disassemble an app, I find the packages and package hierarchy (that would have been available in development scenario) intact. For instance, when I disassemble…
Annamalai N
6 votes, 3 answers
Help reversing an EDB database file for Pioneer's Rekordbox software
Pioneer's Rekordbox software is a music management tool for DJs. One of its features is BPM detection for music files. Unfortunately it doesn't write this information to the BPM frame of the file's ID3 tags, and instead keeps the detected BPM in its…
Evan Purkhiser
6 votes, 2 answers
Reverse engineering Perl-compatible regular-expressions
I'm dealing with a piece of malware that makes extensive use of PCRE (Perl-compatible regular expressions). Normally I would be able to read them, but it seems they're in some kind of binary format (compiled, maybe?). They all start with ERCP (check…
Thomas Chopitea
6 votes, 2 answers
How to directly re-use the dumped content of `.rodata`, `.data` and `.bss` section?
OK, so basically I want to re-use the content of the dumped .rodata, .data and .bss sections from an ELF on 32-bit Linux.
The dump command:
objdump -s -j .text elf_binary
objdump -s -j .rodata elf_binary
objdump -s -j .data elf_binary
and for the .bss…
lllllllllllll
6 votes, 1 answer
ARM shellcode for linux - svc 0 vs svc 1
Checking out Linux ARM shellcode I see that the system call is made by using the svc 1 instruction. However, I have also seen examples where they use svc 0 as the instruction that calls the system call.
Evidently, system calls in Linux on ARM can be…
user1743
6 votes, 2 answers
What is the Sourcer syntax for defining data structures?
I am working with version 8 circa 2000 of Sourcer from V Communications. They no longer support it. I've long since lost the manual.
There is a definition file that you edit as you discover the code you are disassembling. In that file's data section…
Rich Shealer
6 votes, 3 answers
Are there any Dynamic Binary Instrumentation frameworks for Windows exposing an Intermediate Representation?
There are some excellent DBI frameworks for Windows (Intel PIN, DynamoRIO...) but unfortunately none of them expose an IR afaik.
I am looking for something like Valgrind's VEX that works on Windows.
Any pointers / references would be greatly…
Carlos Garcia
6 votes, 2 answers
What is this way of representing color in this unknown image format?
All right, I have a PS3 image compressed with a variation of the LZ algorithm (magic bytes 43 5A 32 00) (I have successfully decompressed it) and what I get from the decompressed form is a set of ARGB colors/pixels (The number of bytes in the…
patr0805
6 votes, 2 answers
Understanding x86 C main function preamble created by Visual C++
I was debugging a simple x86-64 program in Visual Studio 2010 and I noticed that the main function preamble is different from the GNU GCC compiled version of the same C program.
To illustrate what I mean here is the C code for the main function:
int…
Benny
6 votes, 1 answer
Disassembling an unknown DOS MZ executable using radare2
How do I tell radare2 that what I'm disassembling is a DOS MZ executable, when I already know that it is one?
It does not auto-detect this for me.
damat-perdigannat
6 votes, 2 answers
Removing personal data from dump file
I want to publish a crash dump on the Internet for other people to learn from the dump. Usually I take dumps with .dump /ma which is fine.
However, I'm a bit concerned about personal data included in the dump and I'd like to remove it. The WinDbg…
Thomas Weller
6 votes, 1 answer
DOS program debug in IDA?
Does anybody know a hack to debug a 16-bit DOS program in IDA 6.1?
Dominoman
6 votes, 1 answer
ROP exploitation in x86_64 linux
I am working on return oriented programming exploitation on x86_64 Linux.
However, my research suggests that ROP exploitation is impossible on a 64-bit Linux machine because all code segments are loaded at addresses with leading null bytes.
Is it…
user40387