Most Popular

1500 questions
5 votes, 2 answers

Returning a C function to its grandfather

This is a homework assignment, so I'd appreciate it if I could get only a hint, not a full answer. I wrote this program which is supposed to print the following: Executing function_a Executing function_b Finished! The main() and function_a()…
user187
5 votes, 1 answer

How to make stack variables into an array in IDA Pro

I've got a procedure in IDA Pro with a few local stack variables, but part of them belong to an array. I would like to define the array, but pressing * (Create Array) fails, and pressing Y (Set Type) just brings up the type for the procedure, not…
darkf
5 votes, 1 answer

What is an indicator that a PE section definitely contains stuff of a specific type?

I was recently working with the Microsoft documentation about the PE and COFF specifications. Chapter 5 shows several more or less "soft" indicators and characteristics to recognize what kind of stuff a section contains. However, the section…
Ray
5 votes, 1 answer

Coalesce Enums in IDA?

Is there a way to modify the IDA decompiled source to reflect "OR"ed values of two or more enums? For instance, I have the following enums: HTTP_QUERY_CONNECTION has the value 23 and HTTP_QUERY_FLAG_REQUEST_HEADERS has the value 0x80000000. I would…
positron
5 votes, 2 answers

IDA - How to transform VA to FO?

I'm using IDA Pro to disassemble/modify a PE file. How can I get the file offset in the '.exe' where a specific data/instruction resides? Or how can I get the file offset which is the source of a virtual address?
sasho648
5 votes, 0 answers

Emulate TP-Link WR841N using Qemu

I have downloaded a few different versions of the firmware from the TP-Link website. I've been piecing together details on how to achieve this, but I'm missing some key points. Following instructions from devttys0 and their great blog, I used binwalk…
elgringo
5 votes, 1 answer

IDAPython script does not reload

I'm debugging an IDAPython script on my host machine and I have IDA running on my Windows VM. The folder containing the IDAPython script on the host machine is shared with the VM. The first time I run the IDAPython script in IDA it works fine.…
user1743
5 votes, 1 answer

What tools are available to trace system resources a program is touching in Windows?

What is the best tool to trace system resources a program is touching? For example, which registry keys, other files or DLLs it's loading, internet connections it's opening, etc.? I saw this question on reddit.com/r/ReverseEngineering and the mod…
Robert_Musser
5 votes, 3 answers

Is there any way to get a list of function arguments used with IDC?

I'm using IDA Pro 6.5, and I got the offset of a function and its arguments. It looks like this: .text:0000C0DE int __cdecl func(char* a1, int a2, int a3, int a4, int a5, int a6, char* a7) However, it has tons of xrefs (more than 200!) Is…
rev
5 votes, 1 answer

Trying to reverse GPS Watch firmware image with binwalk

I'm in the process of trying to reverse engineer a GPS-watch firmware image for the purpose of adding a new feature to the watch. Here's what I've got so far: I have the firmware image (.gcd file). AFAIK it's no common image; I couldn't find any information…
Markus
5 votes, 1 answer

DLL Injection search for procedures/variables

I am learning DLL injection basics and different techniques to achieve it, like using CreateProcess and LoadLibrary for example, or simply replacing a .dll in the folder where the application to inject into resides. I was able to perform some basic…
astralmaster
5 votes, 1 answer

Where is the code for a global variable declaration in OllyDbg?

Consider this code snippet: I'm trying to find the code that declares the global variable in OllyDbg. I can't find where it is.
j1ni3
5 votes, 1 answer

Decrypting firmware: Is there a true "format" to it, and how does it differ from decrypting other files?

I have firmware for a system and I'm trying to decrypt some of it just for the sake of seeing what it all does; nothing illegal or anything like that, such as reproducing copies of it decrypted and such. But it can seem tough for several…
5 votes, 1 answer

Is there a way to copy a flash drive's firmware?

I'm pretty new to this subject, but I read up on BadUSB and Psychson, and think that they are incredibly cool projects. It got me thinking that I'd like to delve into the depths of USB and see where it takes me. I bought a couple of drives from…
Kmanc
5 votes, 2 answers

WinDbg: How to determine the opcode for an assembly language instruction or set of instructions

I am working on an assignment to perform an exploit using a ROP chain. While I understand the basics behind ROP, I don't know how to convert instructions like xchg eax, esp; retn; to their opcodes. I tried using: 0:005> a input> xchg eax,esp but…
dnraikes