5
votes
2 answers
Understanding the loop disassembly
Here is the code of the loop whose disassembly I'm trying to understand:
#include <cstdio>
#include <iostream>
using namespace std;
int main() {
int i, arr[50], num;
printf("\nEnter no of elements :");
cin >> num;
//Reading…
Vlad
- 139
- 5
5
votes
0 answers
Tracing function call args with IDA Pro
Right now I'm trying to place a trace point and hook it with the Python code that pulls all relevant stuff from the stack. Unfortunately it just gives me the garbage all the time, because the value in cpu.esp is being updated after this code is…
vdudouyt
- 171
- 1
- 4
5
votes
1 answer
Load IE symbols in Immunity Debugger
I know Immdbg already recognizes Windows internals function names, like kernel32.dll and user32.dll
What I want is to load Internet Explorer symbols the same way WinDbg does. Does someone know if it is possible, like mshtml.dll?
jyz
- 498
- 2
- 12
5
votes
1 answer
IdaPro/HexRays type libraries
I'm trying to improve my use of IDA/Hex-Rays... I have an x86 Linux ELF binary, non-stripped, statically linked w/ OpenSSL. So you can see all of the OpenSSL function names in the binary.
I used the tilib cli tool to make a type library from the bio.h…
tecknicaltom
- 51
- 1
- 2
5
votes
4 answers
Use OllyDbg to identify what happens when a button is pressed
I am entirely new to reverse engineering, but nonetheless I have been given the challenge by a friend to crack a computer program he wrote. Having never done this before, my research online suggested that I use OllyDbg to search for an error message…
DaveTheMinion
- 191
- 2
- 9
5
votes
1 answer
How to create an IDA FLIRT signature for a PPC library?
I'd like to create an IDA FLIRT signature for the following PPC uClibc library:
libuClibc-0.9.15.so: ELF 32-bit MSB shared object, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked, for GNU/Linux 2.0.0, stripped
I got the FLAIR tools from…
Zulakis
- 227
- 3
- 8
5
votes
2 answers
Workflow patching Java jar file
Normally I'm working with firmware and native code executables, patching small things like constants, jump conditions etc. There I'm using IDA's disassembly to analyse what and where to patch.
With Java bytecode I would tend to use the decompiled…
user2011659
- 359
- 1
- 4
- 8
5
votes
3 answers
Hash algorithm written in C decompiled with IDA
I have been working on rewriting a program, although it uses a hash to fingerprint the file, I have used IDA to find the function doing the hash and what it is doing to the file before it sends it to the hash function.
I just have a couple questions…
Krum110487
- 153
- 4
5
votes
2 answers
Patching a Mach-O Binary Header to remove a LC_SEGMENT
I have an ARMv7 Mach-O executable on which I want to patch out a certain segment in the binary header which prevents DYLD injection.
More information here under point 3. of preventing dyld injection. TL;DR a __RESTRICT binary header section with a…
Malte
- 183
- 4
5
votes
1 answer
Finding a certain function in game(TS4)
I am trying to find a function that places a piece of furniture on the ground when I buy it and click the spot.
This is the way I am trying to solve it at the moment.
Find the address of money with cheat engine
See which areas write to this…
Samuli Lehtonen
- 151
- 4
5
votes
0 answers
Load multiple modules in one IDA database
I have a game (Crysis 2) and the developers exported each DLL to be loaded separately by the main executable instead of merging all of them. Instead of having 9 instances of IDA open every time and switching between tabs I wanted to load all the…
Knochove
- 51
- 1
- 3
5
votes
3 answers
Kernel debugging - how to set breakpoint at DriverEntry?
I'm sorry for my bad English. I'm a beginner in Reverse Engineering. I have a problem like this. I was given two files, one is driver's .inf file and the other is driver's .sys file. My mission is to debug this driver and understand its…
user1680791
- 53
- 1
- 1
- 4
5
votes
1 answer
Dynamic instrumentation tools
I've recently discovered PIN, which allows one to dynamically instrument binary code while still making the program believe it is running unmodified.
Even more recently, I've heard about Dyninst and DynamoRIO. Do you know some other tools like this?…
Celelibi
- 231
- 1
- 4
5
votes
1 answer
Reverse engineering a proprietary GPU device driver?
I have the binary file, and it's over 200 MB in size, which makes me think that such a task by myself would be beyond incredibly difficult to get anything done. I am trying to see how the driver communicates with the GPU exactly (because I need to…
Truffles In Ma Bred
- 51
- 1
- 2
5
votes
1 answer
What can I do with an SSH certificate?
Doing an information security project at the moment. After gaining access to an ftp drive, there was a file simply called 'hackme' inside. It contains what looks to me like an SSH certificate, but I'm not sure what I can do with it or how to reverse/break…
tert