Most Popular

1500 questions
5
votes
2 answers

How to make pseudocode in IDA more human readable

Some code in IDA is not clear enough. Especially when they do reference after calculation while ( dx33[rdi24] ); if ( rax35 != &WPP_GLOBAL_Control && (*((_BYTE *)rax35 + 68) & 2) != 0 && *((_BYTE *)rax35 + 65) >= 4u ) { WPP_SF_sd( …
anonymous bear
  • 313
  • 1
  • 9
5
votes
1 answer

Why do the first bytes of this executable contain a path to busybox?

I'm reverse engineering an old TP-Link TD-W9970v3 router for fun and wanted to examine one of the executables called webWarn. Ghidra was unable to recognise the format, which surprised me. I then tried to use the file command on it, and it too did…
Amr Bekhit
  • 151
  • 4
5
votes
2 answers

Automatic function naming

I'd like to know how to bulk rename functions in IDA, based on some condition. Example: rename all functions to Foo_XYZ where the function accesses a certain static variable, for example dword_12345. This would help me a lot, because I know that…
Dominik Antal
  • 2,038
  • 22
  • 39
5
votes
0 answers

What utilities allow you to debug a process without pausing execution?

I was just reading this answer on StackOverflow, "How can you debug a process using gdb without pausing it?" The Linux kernel provides some support for this via PTRACE_SEIZE, but gdb doesn't use this yet. There's a bug in bugzilla you can track,…
Evan Carroll
  • 1,779
  • 1
  • 18
  • 50
5
votes
0 answers

Lifting x86 machine code to LLVM IR

I would like to translate a simple x86_64 machine code into LLVM IR, which can be later analyzed. For my particular use case, I need to be able to work with just instructions and opcodes directly, and I don't have access to the binary itself. To my…
jgawr
  • 51
  • 2
5
votes
2 answers

Do disassemblers detect standard functions?

Do disassemblers detect the use of C/C++ standard functions and specify them in the output code, adding the #include line for the appropriate header file (such as stdio.h or even windows.h)? If not, is the whole big library being recognized as…
Reflection
  • 403
  • 4
  • 7
5
votes
1 answer

Differences in memory dumps of executable data

I'm comparing memory dumps in Python with diStorm and Volatility and trying to analyze, for given memory dumps (the 'dump' and the 'truth'), whether or not there was process injection. Mainly I try to match processes and VADs in the two dumps to each other to…
Nordwald
  • 2,896
  • 13
  • 25
5
votes
1 answer

Exposing the connectors in a package on package

To analyze the communication protocol between two chips running unknown firmware, we eavesdrop into the communication bus between the chips. In the ideal case, this is “just” a matter of matching exposed paths on a PCB with the contacts of a logic…
5
votes
0 answers

Patching Jar File (2022)

Currently reversing a .jar program recreationally, and I understand the workflow proposed here: https://www.netspi.com/blog/technical/thick-application-penetration-testing/patching-java-executables-the-easy-way/ But whenever I go to repackage the…
triboulet
  • 51
  • 3
5
votes
1 answer

What does this Generate_Key_IV assembler routine do?

I want to decompress some files, and found some information on how. Apparently they are encrypted with AES 128 in CFB mode, and sometimes compressed using ZLIB. Each file's key and IV is supposedly generated from the file size. This code is supposed…
puggsoy
  • 173
  • 5
5
votes
1 answer

Decompile a NodeJS compiled program maybe by NEXE

I recently got idiotically scammed out of one of my Discord accounts but kept the malware in case. Curious, I would love today to break into the executable to fetch any information about the scammer. I decompiled the program using IDA, and found out it was a…
suiram
  • 51
  • 1
  • 1
  • 2
5
votes
1 answer

How to reverse engineer a setjmp/longjmp sequence?

I'm trying to reverse engineer the GNU libc x86 (32-bit) setjmp / longjmp (re a vuln which may allow arbitrary overwrite of the jmp_buf env). There's a great writeup of the musl setjmp but I can find almost nothing online about the GNU one. I've tried to…
SRobertJames
  • 237
  • 1
  • 11
5
votes
1 answer

Intro to reverse engineering

I would like to learn how to reverse engineer malware. I have very little experience reverse engineering Windows applications. I would like to know if there are good resources that are helpful in learning this.
Ray
  • 93
  • 6
5
votes
2 answers

How do you attach to a child process using IDAPro?

The code that I'm analyzing calls fork and I was wondering if there was a way to trace the child process that is created. I've looked in The IDAPro Book and there's nothing on the topic (if there is I can't find it). Perhaps it's not possible with…
Cairn
5
votes
1 answer

vtrace / vivisect resources

Where can I find some resources to start learning about vivisect? Blog posts, presentations, PDFs, code examples, anything would be appreciated. I am aware I can read the code but before doing that I would like to have something to get me started.
Carlos Garcia
  • 1,041
  • 1
  • 7
  • 15