Most Popular (1500 questions)
5 votes, 2 answers

IDAPython for IDAFree 5.0

I want to run some python scripts on IDAFree 5.0. However, there is no pre-built IDAPython at http://code.google.com/p/idapython/downloads/list for this version. So, I was wondering if anyone can share the built version for either Windows or Linux…
user3403765
5 votes, 1 answer

How to start a DOS application in DOSBox in debug mode?

DOSBox compiled with the --enable-debug=heavy option becomes a powerful reversing tool. Anytime I feel like checking the disassembly and memory state I just hit Alt+Pause. But what if I want to see the very first instructions of the program? How do I…
ScumCoder
5 votes, 2 answers

How to hook the entry point of a DLL?

I have written a C API with support for static import hooking via overwriting the corresponding IAT entry of an exported function. It works nicely for older simple applications, but for more modern applications, it is less effective. This is…
CaptainObvious
5 votes, 1 answer

Why did the program entry point become 'sub esp, 1C'?

I compiled the following C++ code with MinGW and opened it in OllyDbg 2.01. And the program stops at the following lines: CPU Disasm Address Hex dump Command Comments 00401570 /$ 83EC 1C SUB…
user127595
5 votes, 3 answers

How can I view FS:[0] with WinDbg?

It seems that Windows 8 broke OllyDbg, as several ntdll functions keep throwing exception 0xC0000008 and crashing my debugger. I am now using WinDbg. But I am unable to view FS (specifically FS:[0]). How can I get a dump of FS via WinDbg? I've…
Jason
5 votes, 2 answers

How to identify functions in a stripped binary on x86 32bit?

I am trying to generate a coarse-grained call graph based on some assembly code disassembled from a binary on the x86 32-bit platform. It is very hard to generate a precise call graph based on asm code, thinking of various indirect control flow transfers,…
lllllllllllll
5 votes, 1 answer

Decompiling/disassembling Lua bytecode

I've been experimenting with decompiling Lua bytecode and found useful tools like unluac and LuaAssemblyTools. Unluac seems to do the trick with Lua scripts compiled with luac, giving me almost the exact source code; however, when I convert Lua…
Dennefyren
5 votes, 2 answers

Modifying the control flow of a running program

I am working on the binary bomb labs and I just disarmed the bomb. I am planning on solving it through a debugger and starting to work on my dynamic analysis skills, i.e. debugging. My real question is how to patch or modify assembly instructions…
user3286303
5 votes, 2 answers

Need help in figuring out checksum used in this small wireless packet

Need help in figuring out the checksum used for this small data packet. The packet is 48 bits long, and I have already figured out most of the bits. The last 8 bits change even if there is a single-bit change in the rest of the packet. So I'm guessing this must be…
chis
5 votes, 2 answers

Automatically convert x86 assembly to C

Just started out with x86 assembly and slowly getting the hang of it. IDA produces nice graphs that make it much easier to follow all the jumps and function calls and such. I've looked at examples of arithmetic, control flow, loops, and function…
MxLDevs
5 votes, 2 answers

Extracting files from the Google Chrome offline installer

I'm trying to extract the files from the Google Chrome offline installer as a reverse engineering exercise. So I tried extracting the data inside the installer PE. I tried pestudio, which showed me two large embedded resources; however, pestudio had…
user2183
5 votes, 3 answers

Unpack & repack a firmware for use as an updated version?

I am trying to modify the firmware for a TD-W8961ND router because there is a vulnerability that could allow an attacker to download the configuration file of the router, which exposes the router password and makes him able to control the router's settings…
kifcaliph
5 votes, 1 answer

Format of .chk firmware package on WGR614v7

Note: I'm aware of the technical and legal implications of reverse-engineering binaries. I have the firmware for a Netgear WGR614v7 router, in the form of a .chk file, coming from Netgear themselves, and I wish to unpack the file. My understanding…
nanofarad
5 votes, 2 answers

Rebuild symbol table

I would like to load a function I have decompiled in IDA Pro. All I have is the IDA Pro function name sub_xxxx() and, obviously, the address. I had thought about using dlopen to load the binary, but obviously I don't have a symbol to load as the…
allbabel
5 votes, 2 answers

How can the processor instruction set be identified solely by examining a binary image?

Constraints: I am doing reverse engineering of a binary firmware image of unknown provenance, which operates on a device that is not physically accessible to me. That is, I can't take apart the device, and I don't even have block diagrams for its…
Edward