5 votes, 1 answer
Dealing with exceptions in x64dbg
I'm debugging a game and I often come across an exception (EXCEPTION_PRIV_INSTRUCTION).
The debugger pauses on the address where it stops; now I want to step over one command at a time, but when I step over it doesn't go one command at a time.
Ayazasker (107 · 1 · 3 · 8)
5 votes, 3 answers
Changing a window's name by patching the create window function call
I use x64dbg and IDA Pro; the process is 32-bit. I'm not sure if I'm doing this right or not, because I'm getting a crash, and I'm not sure if it's caused by me doing something wrong or by the startup process of the application failing for some reason…
notvita (51 · 6)
5 votes, 1 answer
IDA script: get a function that has random characters in its name
I was trying to figure out if there is a way I can get the address for a function name that has random characters in it.
For example, the function name is "Player_GetStats_m29275"; here the "m292755" is random characters. So I want to search the name…
Arsalan Awan (53 · 1 · 3)
5 votes, 2 answers
What are some ways in which virtual machines make native static and dynamic reversing of a binary more difficult?
It is practically common knowledge in reverse engineering that a "VM protected" or virtualized program is much more difficult to analyze with a native debugger or disassembler. However, I would like to know specific, concrete ways in…
the_endian (1,860 · 17 · 39)
5 votes, 1 answer
How do Enigma, Themida and VMProtect compare to each other?
I'll be releasing a piece of software soon and I'm looking for good protectors. The three that came to my attention were: Enigma, Themida and VMProtect. I searched a lot online but I couldn't find many comparisons. They are all in a similar price…
Fomic (53 · 1 · 1 · 3)
5 votes, 1 answer
School project: cracking a school emulator
John here. I'm in the last half of our IT school, and we got a side project from one of our teachers. He wrote an emulator back in 2009 in Delphi, which has been in use since then. Nothing special, just a serial bus emulator, which we can control over…
John (51 · 2)
5 votes, 1 answer
Disassembling VxWorks Firmware
I am trying to disassemble the firmware for the Cisco Sx300 switch as found here:
https://software.cisco.com/download/release.html%3Fmdfid%3D283019611%26softwareid%3D282463181%26release%3D1.2.7.76
While some documentation for other iterations of…
MrSynAckSter (1,258 · 1 · 10 · 24)
5 votes, 1 answer
Erlang source file generation from .beam file
I have an Erlang application's beam files which I want to decompile.
The application is compiled and built with the 'debug_info' option. Here is a snippet of the Emakefile which is used to build the application:
{"apps/my_app/src/*", [debug_info,…
parmar7725274 (151 · 2)
5 votes, 1 answer
x86 ASM question about hexadecimal numbers and how to transfer them
So I am wondering why I cannot do this:
mov eax, ffffffffh
but I can do this:
mov eax, 0ffffffffh
Could anybody explain please? In this case, I am using the Flat Assembler but I think this is not assembler-specific.
BoSsYyY (151 · 1 · 2)
5 votes, 3 answers
Faster Kernel debugging for Windows
I am kernel debugging in WinDbg and it's slow, very slow stepping through.
My current setup is using VMware and WinDbg through a COM port on the virtual machine.
Is there a faster way to debug the Windows Kernel?
What are some of my options?
LUser (783 · 1 · 4 · 22)
5 votes, 1 answer
OllyDbg is stopping at 7000000 addresses in ntdll and not at the entry point of the application
I am solving Lena's 4th binary challenge, but OllyDbg is unable to stop at the entry point, which is somewhere around 400000 or above. The application stops working and starts somewhere around 700000.
Check the image below.
And if we close the application it…
Bikash Dash (119 · 6)
5 votes, 1 answer
Need help with a USB gaming mouse
I have a Chinese USB gaming mouse (04d9:a070) which has 4 color modes and 4 light levels. I know for a fact that this mouse is capable of showing at least 5 different colors, so it must be an RGB LED (4 legs). The software is the worst I've ever seen…
user1475122 (53 · 5)
5 votes, 0 answers
What is the current state on Christopher Domas' "killer poke" find?
On 2017-07-22 Christopher Domas (@xoreaxeaxeax) announced a new "killer poke" that he found on some x86 processor:
https://twitter.com/xoreaxeaxeax/status/888702029744324608 (also cf.…
Nubok (151 · 5)
5 votes, 1 answer
Reverse engineering the virtual machine based crackme
I am currently working on some crackme that has implemented an obfuscation technique, virtualisation. The virtual machine inside this crackme is a huge switch-case block (over 130 cases in it). I have already read dozens of articles, but none are…
ShHolmes (185 · 1 · 5)
5 votes, 1 answer
Radare2 doesn't display the whole function
I am using radare2. I have disassembled the function sym.loop; it contains a switch which has 4 cases that call different functions. After any of the function calls, the program exits the loop function.
Here is my problem: after the first exit…
Florin (143 · 1 · 2 · 8)