Most Popular

1500 questions
5
votes
2 answers

Getting empty files using firmware modification kit

I'm having trouble extracting a file system of a ZTE zxv10 h201 router. I'm a beginner in reverse engineering so I am probably doing something wrong. This is what I have done so far. I got the admin username and password for the web interface and…
tehcereal
5
votes
6 answers

Decoding New Jersey Driver's License Codes

Driver's License numbers in New Jersey aren't random. They follow the format: Affff lllii mmyye, where A is the first letter of the person's last name, ffff is some mapping of the remaining letters of the last name to a four digit numeric, lll is a…
Alex Beals
5
votes
4 answers

Are there any modern assembly-level patching tools?

I've recently been undertaking a little RE project where I needed to patch the executable. For small modifications, I know enough x86 to patch in a jump, nop, infinite loop, etc., so a hex editor is good enough. But what about larger ones? I used…
5
votes
0 answers

Page Fault Handler in Windows

Like almost all of my questions, I feel like I'm missing something / I understood something the wrong way, so help me figure out where I'm wrong with this. When a Page Fault occurs and nt!KiTrap0E comes to save the day, the CPU saves the current…
user3002428
5
votes
1 answer

IDA PRO Hex-Rays 1.5 pseudo code understanding -=0x3FFFFFFFu; += 0x3FFFFFFFu;

I'm trying to clean up the pseudo code to make it compile and function similar if not exactly the same as the original code. This bit which looks like this appears in various places I'm trying to figure out what it exactly means. if (…
SSpoke
5
votes
1 answer

Assembly variable meaning

I'm a newbie at reverse engineering and I was wondering what is the meaning of the declaration var_18 = byte ptr -18 and the others like it in the picture. I know that byte ptr means it is a pointer to a byte variable, but why does it have a negative value.…
newbie
5
votes
1 answer

Is nVidia Linux driver reverse engineering legal in Europe?

How does the NVIDIA Linux driver EULA, especially sections 2.1.3 and 5, play with the European Union Directive on the legal protection of computer programs? I think somebody would have already done that and uploaded to nouveau if it was legal in Europe. But…
5
votes
1 answer

Associating Symbol Names with .PLT Entries

Doing some messing around with ELF (of both the x86 and ARM varieties). Associating symbol names with entries in the .got section is straightforward. Find the .got section, find the relocation section .rel.plt/.rela.plt whose .sh_info contains the…
Zach Riggle
5
votes
1 answer

How to debug an IDA Pro plugin built with the C++ IDASDK

I'm building an IDA Pro plugin (not a script) using the C++ SDK. On top of the frustration added by the lack of a proper API documentation, I cannot find a good way to debug my plugin. I've tried printing messages to the output window of IDA Pro.…
Benny
5
votes
1 answer

Finding how IMDB creates its image codes

When you look at any IMDB image page, the movie poster image has a url of this form: http://ia.media-imdb.com/images/M/MV5BMTIxOTY1NjUyN15BMl5BanBnXkFtZTcwMjMxMDk1MQ@@._V1_SX214_AL_.jpg or more…
Alex Beals
5
votes
1 answer

Why was my memory breakpoint not triggered in OllyDbg?

I am currently battling this protection on a 32-bit executable. At some point during its runtime, the protection gets the address of DbgUiRemoteBreakin and writes a JMP to ExitProcess as an anti-attach technique. I decided to place a memory…
farmdve
5
votes
3 answers

IDA Pro Renaming Imports

This PE file destroys its import address table. However, all the function addresses are in this _rdata segment here: Any straightforward way to rename these functions?
IChooseYou
5
votes
1 answer

Unknown compression algorithm

I got data which is compressed but I fail to find the compression algorithm. The data is part of a larger file from which I know the layout, so I managed to find out a few things. What I know: I don't have the binary executable that load the data, I…
5
votes
1 answer

Rearrange instructions in an ida database?

I'm disassembling an old (1996) game, that has been compiled with the Watcom 386 compiler. This compiler seems to aggressively reorder instructions to make better use of the processor pipeline, as seen in this chunk of assembly: The instructions…
Guntram Blohm
5
votes
4 answers

Any correlation between DOS Program Segment Prefix and the base address of loaded executable?

I'm using IDA to disassemble Test Drive III. It's a 1990 DOS game. The *.EXE has MZ format. The game uses a number of anti-reversing features such as copying its code to segment (PSPseg+2be7) where PSPseg is the initial value of ES (i.e. the segment…
ScumCoder