Highest Voted Questions - Reverse Engineering Stack Exchange

6

votes

2 answers

Run a python command with "run" on GDB

Hi I'd like to run a python command python -c 'print "\x90"*52' when the program start in GDB, as I would do when I execute : python -c 'print "\x90"*52' | ./myProg . Does anyone knows any way to acheive this? What I've tried so far : `python -c…

asked Jun 18 '18 at 21:39

Nark

283
1
2
9

6

votes

1 answer

Windows 10 v.1803 boot failure after trying to install network kernel debugging with WinDbg Preview

I'm trying to set up kernel debugging on a physical hardware/desktop to test the new WinDbg Preview. Here's the steps: I'm using a desktop with Intel DG41TY board. Installed Windows 10 Pro build 1803. (Off USB, created using media creation…

asked Jun 10 '18 at 20:17

c00000fd

1,659
3
25
41

6

votes

1 answer

IDA Pro: Is there a command-line way to generate idb files without generating asm files?

Currently, I'm generating a bunch of .idb files in a batch via idaw.exe -B . (I'm using IDA Pro 6.8.) This process also creates many .asm files - one for each .idb file created. I don't need these files, so they just get ignored/deleted. Is…

ida

asked Jun 04 '18 at 05:35

Samantha

225
2
5

6

votes

1 answer

Viewing Radare keybindings for Visual Pane mode (Function hotkeys)?

Is there a way to view the keybinidngs inside of Radare? Such that I can see which function keys do things like Step Over and Step Into in Debug mode? e~key doesn't list any of the debug keys, key.S = key.f1 = key.f10 = key.f11 = key.f12 =…

radare2

asked May 30 '18 at 04:08

Evan Carroll

1,779
1
18
50

6

votes

2 answers

objdump: can't disassemble for architecture UNKNOWN!

I am trying to use objdump -d fileName on a s-rec file and it returns unknown architecture, however it recognizes fileName: file format srec I looked at objdump --help and under supported targets srec and symbolsrec is listed. I have tried objdump…

disassembly

asked May 23 '18 at 16:44

0siris

61
1
1
7

6

votes

1 answer

dnSpy - What do these symbols mean?

When decompiling a dll file there are certain lines of code that read like this: return \u0013.\u0002.\u0001(url, info); I have two questions on this: 1) does \u00xx mean that it is obfuscated, if yes, what steps can I take to understand it 2) what…

asked May 23 '18 at 14:05

pzirkind

437
1
5
9

6

votes

0 answers

Hauppauge HVR-950Q - Linux - Signal Processing for extra data like subtitles

I have a Hauppauge HVR-950Q running on a stripped down debian. I am trying to use the Hauppauge HVR-950Q from the command line to parse subtitles and build a library of accurate subtitles. I am not sure how to start on this one being that I want to…

asked Apr 16 '13 at 14:51

mrhobbeys

61
2

6

votes

2 answers

Disassembly shows `LEA` with RIP?

When I disassemble this instruction using pad on Radare I get an LEA with rip [0x00000000]> pad 8d 15 c8 90 04 08 lea edx, [rip + 0x80490c8] I got this instruction from this post here I'm confused though why the disassembly shows rip + 0x80490c8,…

asked Apr 16 '18 at 04:49

Evan Carroll

1,779
1
18
50

6

votes

1 answer

How to tell if a particular .NET assembly was written in C# or F#?

The motivation for this question is that I used JetBrains dotPeek to decompile an .exe written in F#, but the output project directory produced C# code. Why does decompiling an F# assembly produce C# code? I know that both languages get JIT-compiled…

asked Apr 06 '18 at 09:13

Samantha

225
2
5

6

votes

1 answer

Do IDA Python plugins work with IDA free or only IDA pro?

For example, the plugin fluorescence.py is a very small tool that adds a choice in the "Options" menu of IDA to highlight call instructions. It is supposed to work upon dropping it into the plugins directory. Do such plugins only work on IDA Pro…

ida

asked Mar 07 '18 at 18:45

Joe Johnson

61
1
2

6

votes

1 answer

IDAPython: How to get function argument values

I always write ad-hoc code to get the values passed to function calls, like finding the XRef to a function and then tracking back disassembly to find some specific MOV or PUSH instruction. For example, in the following example: .text:080488B1 …

asked Mar 04 '18 at 09:06

joxeankoret

4,488
2
21
35

6

votes

1 answer

Issues with reversing LZSS compression algorithm

I am trying to reverse engineer my HP printer's firmware, so I dumped the SPI chip from the board, and there are a lot of strings, but almost always look something like this: I noticed a pattern that sometimes after every 8 bytes FF byte is added.…

asked Feb 05 '18 at 21:25

hlex

73
8

6

votes

3 answers

Determining if a variable is local or an argument passed to a function

How can you determine if a variable is a local variable of the function or an argument passed to the function?

asked Apr 11 '13 at 15:48

Jannu

373
2
6

6

votes

0 answers

Generating symbol file for closed-source binary by hand

I have a closed-source binary (minecraft-pi). For a given section of the assembly like so: a2ed4: e92d45f8 push {r3, r4, r5, r6, r7, r8, sl, lr} a2ed8: e1a04000 mov r4, r0 a2edc: e59d0024 ldr …

asked Nov 29 '17 at 22:59

jdonald

161
4

6

votes

2 answers

what is radare2's equivalent to GDB's 'find &system,+9999999,"/bin/sh"'

What is radare2's equivalent to GDB's find &system,+9999999,"/bin/sh"?

asked Nov 12 '17 at 22:12

whoopdedoo

283
3
19

Most Popular