Reverse Engineering Stack Exchange
Reverse Engineering Stack Exchange

Most Popular

more tags
1500 questions
6
votes
1 answer

Can Windbg trace function calls within a module?

I want to log any functions within a specific module that are called during an execution. I tried !for_each_function and wt command. However, since the target module doesn't have any symbols, !for_each_function cannot recognize any functions. wt…
user15580
  • 253
  • 3
  • 11
6
votes
0 answers

Reliable way to recognize STL template classes?

Since the template classes are different between instantiation, it is extremely difficult for library recognition using universal patterns. But the control flow graph and references to system call of those template functions should be almost the…
Misty
  • 428
  • 2
  • 9
6
votes
1 answer

Unicorn and QEMU: Example use cases to understand the differences

The Unicorn website lists some differences between Unicorn and QEMU, especially those differences "where Unicorn shines". They furthermore write: A notable difference between Unicorn and QEMU is that we only focus on emulating CPU operations, but…
langlauf.io
  • 1,560
  • 1
  • 19
  • 36
6
votes
2 answers

Intel PIN: How to access the INS object from inside an analysis function?

A typical PIN code snippet looks like this (taken from the official manual): // This function is called before every instruction is executed // and prints the IP VOID printip(VOID *ip) { fprintf(trace, "%p\n", ip); } // Pin calls this function…
langlauf.io
  • 1,560
  • 1
  • 19
  • 36
6
votes
2 answers

Question about LEA instruction

i'm learning to reverse engineer. So i'm coding some programs and try to understand their assembly. I stumbled upon a curious case and i think i can't solve it alone. Here's the c code: #include int main(){ char *texto = "O numero e…
krystalgamer
  • 193
  • 2
  • 7
6
votes
1 answer

How to log all memory accesses (read and write) including the memory content in a binary execution trace?

I would like to create an execution trace of a binary. To be precise, I would like to record every executed assembly instruction, together with possible memory accesses. By memory accesses I mean reading from, or writing to, memory. For these…
langlauf.io
  • 1,560
  • 1
  • 19
  • 36
6
votes
5 answers

What is the "standard" approach to find loop in binary code?

I am working on some x86 (32/64 bits) ELF binary code. These binaries are compiled from C and C++ program code and I am trying to detect loops inside the binaries. I am newbie to this area, and I am wondering, what is the standard way to identify a…
lllllllllllll
  • 2,485
  • 2
  • 32
  • 50
6
votes
1 answer

Find main() function of executable with windbg

I have an executable without debug symbols, and I want to get to its' main() function. What I do is putting breakpoint at $exentry address, but this address of some CRT-initialization. To get to the main() I need to single-step until I see some…
Hanik
  • 63
  • 1
  • 5
6
votes
2 answers

Reverse Engineering Chinese laser engraver

I would like to reverse-engineer the software that came with my Chinese-made laser engraver. Unfortunately the hardware does not play at all with other software out there... The original software is horribly buggy, is loaded with malware…
Jason
  • 63
  • 6
6
votes
3 answers

How to effectively bypass GCC stack smashing detection

I was solving bof challenge on http://pwnable.kr/play.php it is required to smash the stack of the following code #include #include #include void func(int key){ char overflowme[32]; printf("overflow me : "); …
u185619
  • 335
  • 2
  • 5
  • 9
6
votes
1 answer

Difference between Win7 and Win8 PE loader?

Is it known what the differences between the Window 7 and Windows 8 PE loader are? I'm trying to hand-craft a simple executable PE image file. It runs well in Windows 7, but is rejected by Windows 8. The file is linked…
Lars Brinkhoff
  • 163
  • 4
6
votes
3 answers

Reversing self-modifying code

I am learning reversing an I am studying a code, which modifies itself (actually it is a crackme). It contains statements like: movw $0xc031, 0x(%edx), where edx contains the address of a statement. With breakpoints I can stop and inspect the…
robert
  • 887
  • 2
  • 12
  • 28
6
votes
3 answers

How to get the CPU architecture via Idapython?

I was not able to find an API function to get the CPU architecture of the loaded binary. In idaapi.py, there is a function def set_processor_type(*args) but no equivalent such as get_processor_type. I don't want to fall back to running some…
langlauf.io
  • 1,560
  • 1
  • 19
  • 36
6
votes
1 answer

Decoding serial data

I have an energy monitory and I managed to get into the feed. I got the handshake packets sorted but I am stuck on working out how to decode this data from HEX. All I know are the following values as shown on the monitor at time of dump. Pac = 81…
Piotr Kula
  • 163
  • 6
6
votes
0 answers

Audio file compression identification

I've been working on reversing file formats from the game of star wars episode 1: the phantom menace. I have managed to extract the audio files from the .lab file in which they were contained. I cannot however play the audio files. The files are…
RNs_Ghost
  • 183
  • 6
1 2 3
99 100