Most Popular

1500 questions
5
votes
3 answers

Get certain instruction count for multi-architecture binaries

I need to get an ELF binary's total count of: function call instruction; conditional jump (branch) instruction. The binary could be any CPU architecture, like x64, ARM, MIPS, Motorola 68K, etc. It would be best if the disassembly tool can provide an…
I Wonder
5
votes
0 answers

JTAG Dumped Flash is scrambled

I dumped the flash memory of an old ARM9 Chip running VxWorks using the SEGGER J-Link and the savebin command from J-Link Commander. Here is an example of a line of HTML stored on memory.
5
votes
4 answers

What information may supply the uninitialized data to security team?

When I was reversing some well-known Android chat applications (I cannot disclose which specific ones, but all of them were owned by companies with 1 billion+ capital and have hundreds of millions of accounts), I saw an interesting feature in C++…
Vitalii
5
votes
1 answer

Microsoft Edge and its related processes may have turned protected in Windows 10 1903

It seems like driver-based injection using APC calls fails on MicrosoftEdge and its related processes (browser_broker.exe, MicrosoftEdgeCP.exe and MicrosoftEdge.exe). Looking into the problem, it looks like this application is protected process…
Zohar81
5
votes
1 answer

Find file signatures inside an unknown file

I have a .bin file I would like to analyse. Especially find images embedded in this firmware update. binwalk couldn't find anything. What other tools do you know to search for possible embedded files?
samuirai
5
votes
2 answers

Can I trap SIGSEGV (on Linux) and what are the conditions to make it work? (for a crackme)

I'm writing some crackmes.one challenge and I want to write a challenge where the solution appears on a segmentation fault. (And you have to disassemble the code to find a way to segfault. It should be fun, right?) I found some hard-to-understand…
ker2x
5
votes
5 answers

What is an entropy graph

I am new to reversing and I see a tool Detect It Easy and it has a feature called Entropy. I want to know what it is used for?
Suman Mandal
5
votes
0 answers

Extracting ARM Boot zImage

I'm trying to analyze the firmware of a system running Linux and connecting various home automation and security devices. Every time it boots, the GM8125 processor running ARMv5TE loads a firmware image from the SPI flash. I connected to the flash…
theTheodidact
5
votes
4 answers

Dynamic Analysis for Shared Libraries?

Are there techniques for dynamic analysis of shared libraries? I know for example that DLLs have an entry point, but how about calling other exported functions? Do I need to write a custom executable that calls exports for each DLL I want to…
user2142
5
votes
2 answers

Renaming shadowed variables in Ghidra

I'm working on a function in the Ghidra decompiler with a bunch of variables that are re-used across different scopes. I don't see any way to rename this variable on a per-line basis. Is it possible?
Griffin Byatt
5
votes
2 answers

Viewing memory permissions in Ollydbg for memory segments

I'm looking for a way to view memory permissions on a specific section of memory using OllyDbg (technically I'm using Immunity but I'm assuming if it exists in Olly it'll be the same there). The program I'm looking at is calling VirtualProtect to…
Fewmitz
5
votes
2 answers

Help needed to extract u-boot kernel & rootfs - nxp lpc 3143 processor

I have a board where in principle aim at emulating a DVD-ROM loading iso file from a drive. This board is running an ARM CPU with 32MB of RAM and has no VGA output. The firmware update comes with 2 files called uImage and rootfs that need to be copied…
5
votes
1 answer

Reverse engineering Android native packer

I'm trying to reverse engineer an Android app and the app has 4 folders in the /data/data/{package} folder ├───app_dexprotector │ 823517D25836B88F1C499C02370A047E.dat │ 823517D25836B88F1C499C02370A047E.dex │ ├───app_outdex │ …
Amin
5
votes
2 answers

Use IDAPython to print register or memory value when the debugger is running

I want to record the value of a certain register or specific memory location when the program is being debugged. e.g. in the following segment: .text:0FD6268D shr ecx, 4 .text:0FD62690 and esi,…
dandan
5
votes
2 answers

How to load a dumped process and several accompanied memory pages in IDA?

I have a dumped process and several dumped pages of memory that were allocated in it. How can I load everything in IDA into one DB and reference pages in the loaded process?
PhoeniX