Most Popular

1500 questions
5
votes
1 answer

What type of disassembler is distorm?

In Alam you can find the classical differentiation between disassemblers. The author explains in general the two well-known types of disassemblers: The Linear Sweep technique starts from the first byte of the code and disassembles one instruction…
knx
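The distinction the question refers to, as an added stand-alone illustration (this is not distorm's code and not part of the original post): a toy decoder for a handful of x86 opcodes, run once as a linear sweep and once as a recursive descent over a constructed byte string in which an unconditional `jmp` skips a single data byte (0xB8). Linear sweep decodes the data byte as the start of a `mov r32, imm32` and swallows the four real `nop`s into its immediate; recursive descent follows the jump and never decodes the data byte. The opcode table, the sample bytes and the `(bad)` marker (mirroring what objdump prints for undecodable bytes) are all assumptions made for this example.

```python
"""
Toy x86 decoder covering only the opcodes in OPCODES, used to contrast a
linear sweep with a recursive descent.  Added example: not distorm's code.
"""
import struct

# Constructed opcode table: opcode byte -> (mnemonic, total length, kind)
# kind: "seq" falls through, "jmp" is rel8 unconditional, "call" is rel32,
# "ret" terminates the current path.
OPCODES = {
    0x90: ("nop", 1, "seq"),
    0xC3: ("ret", 1, "ret"),
    0xEB: ("jmp", 2, "jmp"),    # jmp rel8
    0xE8: ("call", 5, "call"),  # call rel32
    0xCC: ("int3", 1, "ret"),   # treated as a terminator in this toy
}
for r in range(8):              # mov r32, imm32 is B8+r followed by 4 bytes
    OPCODES[0xB8 + r] = ("mov", 5, "seq")


def decode(code, off):
    """Decode one instruction at `off`: (text, length, kind, target) or None."""
    entry = OPCODES.get(code[off])
    if entry is None or off + entry[1] > len(code):
        return None
    mnem, length, kind = entry
    target = None
    if kind == "jmp":
        rel = struct.unpack_from("<b", code, off + 1)[0]
        target = off + length + rel
        text = f"{mnem} 0x{target:x}"
    elif kind == "call":
        rel = struct.unpack_from("<i", code, off + 1)[0]
        target = off + length + rel
        text = f"{mnem} 0x{target:x}"
    elif mnem == "mov":
        imm = struct.unpack_from("<I", code, off + 1)[0]
        text = f"mov r{code[off] - 0xB8}, 0x{imm:x}"
    else:
        text = mnem
    return text, length, kind, target


def linear_sweep(code):
    """Decode from byte 0 to the end, ignoring control flow entirely."""
    out, off = [], 0
    while off < len(code):
        d = decode(code, off)
        if d is None:               # objdump would print "(bad)" here
            out.append((off, "(bad)"))
            off += 1
            continue
        text, length, _, _ = d
        out.append((off, text))
        off += length
    return out


def recursive_descent(code, entry=0):
    """Follow control flow from `entry`; unreachable bytes stay undecoded."""
    out, seen, work = {}, set(), [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in seen:
            seen.add(off)
            d = decode(code, off)
            if d is None:
                out[off] = "(bad)"
                break
            text, length, kind, target = d
            out[off] = text
            if kind == "jmp":
                off = target            # only the jump target continues
            elif kind == "call":
                work.append(target)     # callee is code too; then fall through
                off += length
            elif kind == "ret":
                break
            else:
                off += length
    return sorted(out.items())


# Constructed sample: jmp over one data byte (0xB8), then four nops and a ret.
SAMPLE = bytes([0xEB, 0x01, 0xB8, 0x90, 0x90, 0x90, 0x90, 0xC3])

if __name__ == "__main__":
    print("linear sweep:     ", linear_sweep(SAMPLE))
    print("recursive descent:", recursive_descent(SAMPLE))
```

The sweep produces three instructions for the eight bytes, the descent six; the data byte at offset 2 desynchronises the sweep until the stream happens to realign at the `ret`. Recursive descent avoids that, at the price of missing code reached only through indirect jumps or computed addresses, which is why real disassemblers combine both with heuristics.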
5
votes
3 answers

How to get Video URL from embedded Link in Twitter

I'm trying to get the Video URL of ( https://twitter.com/i/videos/823649890379120640?embed_source=facebook ) I tried going over the source code but it gives the same URL link
Sarah19953
5
votes
2 answers

How are addresses calculated from the values in x86 segment registers?

How are the 16-bit values in segment registers used to represent large memory addresses?

ES 0023 32bit 0(FFFFFFFF)
CS 001B 32bit 0(FFFFFFFF)
SS 0023 32bit 0(FFFFFFFF)
DS 0023 32bit 0(FFFFFFFF)
FS 003B 32bit 7FFDF000 (FFF)
GS 0000 NULL

For instance,…
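The mechanics behind that dump, as an added example (not part of the original question): in 32-bit protected mode a segment register holds a 16-bit selector, not an address. Bits 15:3 index a descriptor in the GDT (table indicator bit 2 clear) or LDT (bit 2 set), bits 1:0 are the requested privilege level, and the linear address is the descriptor's base plus the offset, checked against the descriptor's limit. The selector values, bases and limits below are copied from the dump in the question; treating the two columns after "32bit" as base and limit is an assumption made here. Real mode has no descriptors at all, so the function for it simply shifts the segment left by four.

```python
"""
Decode x86 segment selectors and form linear addresses.  Added example;
the SEGMENTS table is a constructed copy of the register dump above.
"""


def decode_selector(sel):
    """Split a 16-bit selector into (descriptor index, table name, RPL)."""
    index = sel >> 3                          # bits 15:3
    table = "LDT" if sel & 0x4 else "GDT"     # bit 2: table indicator
    rpl = sel & 0x3                           # bits 1:0: requested privilege level
    return index, table, rpl


def protected_mode_linear(base, limit, offset):
    """Linear address = descriptor base + offset; offsets past the limit fault."""
    if offset > limit:
        raise ValueError(f"offset 0x{offset:x} exceeds segment limit 0x{limit:x}")
    return (base + offset) & 0xFFFFFFFF


def real_mode_linear(segment, offset):
    """Real mode: linear = segment * 16 + offset, a 20-bit result."""
    return ((segment << 4) + offset) & 0xFFFFF


# Constructed table: register -> (selector, base, limit) as shown in the dump.
# FS on 32-bit Windows points at the thread's TEB, hence the small 0xFFF limit.
SEGMENTS = {
    "ES": (0x0023, 0x00000000, 0xFFFFFFFF),
    "CS": (0x001B, 0x00000000, 0xFFFFFFFF),
    "SS": (0x0023, 0x00000000, 0xFFFFFFFF),
    "DS": (0x0023, 0x00000000, 0xFFFFFFFF),
    "FS": (0x003B, 0x7FFDF000, 0x00000FFF),
}


def describe(regname):
    """Return the decoded view of one segment register from SEGMENTS."""
    sel, base, limit = SEGMENTS[regname]
    index, table, rpl = decode_selector(sel)
    return {"selector": sel, "index": index, "table": table,
            "rpl": rpl, "base": base, "limit": limit}


def resolve(regname, offset):
    """Linear address of reg:offset using the descriptor recorded in SEGMENTS."""
    _, base, limit = SEGMENTS[regname]
    return protected_mode_linear(base, limit, offset)


if __name__ == "__main__":
    for reg in SEGMENTS:
        print(reg, describe(reg))
    # fs:[0x18] is the TEB self-pointer on 32-bit Windows
    print(hex(resolve("FS", 0x18)))
    # the reset vector, F000:FFF0, in real mode
    print(hex(real_mode_linear(0xF000, 0xFFF0)))
```

The flat data/code descriptors (base 0, limit 0xFFFFFFFF) are why a 32-bit offset already is the linear address for CS, DS, ES and SS; only FS (and GS on other systems) carries a non-zero base. Every selector in the dump has RPL 3, i.e. user mode. In 64-bit long mode the CS/DS/ES/SS bases are ignored and FS/GS bases come from MSRs instead of descriptors, so this arithmetic applies to 32-bit code.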
5
votes
2 answers

Difference between objdump -r and -R switches

objdump man page says,

-r --reloc
    Print the relocation entries of the file. If used with -d or -D, the relocations are printed interspersed with the disassembly.
-R --dynamic-reloc
    Print the dynamic relocation entries of the…
sherlock
5
votes
1 answer

Immunity Debugger - Memory Breakpoint

Is there a way to stop execution each time some memory address is accessed?
triple fault
5
votes
1 answer

Hacking Lua - Introduce new functions into built Lua

I am trying to hack a game (not for cheating though) by introducing new built-in methods and functions in order to communicate with the game using sockets. Here is a small "pseudo code" example of what I want to accomplish: Inside the Lua code I am…
Stefan Falk
5
votes
2 answers

When do rep and stos appear in compiled C?

Can you give me some example C code which would be compiled to rep and stos?

00401059 /$ 55          PUSH EBP
0040105A |. 8BEC        MOV EBP,ESP
0040105C |. 83EC 5C     SUB ESP,5C
0040105F |. 57          PUSH EDI
00401060 |. 66:A1…
beginner
5
votes
1 answer

(bad) opcodes of objdump

I'm trying to write my own disassembler for PE, PE+ and ELF executables but I'm stuck with a big problem on PE and PE+ executables. I'm checking my work by comparing my output with objdump, and I found some (bad) opcodes appear in the disassembled…
Efe Can
5
votes
1 answer

What are good Windows anti-debug references?

What are good anti-debug references for Windows which help with manual unpacking, emulating, or sandboxing?
Ange
5
votes
3 answers

Does anyone know this encoding?

There is an interesting article on Phrack: http://phrack.org/issues/69/15.html#article At the end of the article there is the source appended in a strange encoding. begin 664…
Konrad Eisele
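A "begin 664 <name>" header is the start of a uuencoded file: `begin`, the octal Unix permission mode (664), the original file name, then lines whose first character is `chr(32 + n)` for the n raw bytes (at most 45) encoded on that line, a lone backtick for the zero-length line, and `end`. As an added example, not the Phrack article's data nor the asker's, here is a round trip built on the standard library's `binascii.b2a_uu`/`a2b_uu` with a constructed payload; the decoder tolerates junk before `begin` so it can be pointed at text pasted from an article.

```python
"""
uuencode / uudecode round trip with the standard library.  Added example;
the payload used under __main__ and in the checks is constructed.
"""
import binascii


def uuencode(data, name, mode=0o664):
    """Produce a classic uuencoded text blob for `data`."""
    lines = [f"begin {mode:o} {name}"]
    for i in range(0, len(data), 45):         # 45 raw bytes -> 60 encoded chars
        chunk = data[i:i + 45]
        lines.append(binascii.b2a_uu(chunk).decode("ascii").rstrip("\n"))
    lines.append("`")                         # zero-length line ends the data
    lines.append("end")
    return "\n".join(lines) + "\n"


def uudecode(text):
    """Parse a uuencoded blob (junk before 'begin' is skipped).

    Returns (mode, name, data); raises ValueError on a missing header or trailer.
    """
    it = iter(text.splitlines())
    for line in it:
        if line.startswith("begin "):
            _, mode_s, name = line.split(" ", 2)
            break
    else:
        raise ValueError("no 'begin' header found")
    out = bytearray()
    for line in it:
        if line == "end":
            break
        if not line or line == "`":           # backtick encodes length 0
            continue
        out += binascii.a2b_uu(line)
    else:
        raise ValueError("missing 'end' trailer")
    return int(mode_s, 8), name, bytes(out)


if __name__ == "__main__":
    blob = uuencode(b"int main(void) { return 0; }\n", "src.c")
    print(blob)
    print(uudecode("Some article text...\n" + blob))
```

The leading length character is what makes the format recognisable even when the `begin` line is lost: every line of a uuencoded file with full 45-byte lines starts with `M` (ASCII 77 = 32 + 45). The `a2b_uu` call raises `binascii.Error` on a corrupt line, so a truncated paste from a web page fails loudly rather than yielding a silently wrong source file.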
5
votes
1 answer

IDA python, list all imported functions

I have the following IDA python script. It sets and removes breakpoints on all calls to library functions:

import idc
import idaapi
import idautils

def set_breakpoints():
    ea = idc.ScreenEA()
    for function_ea in…
igntec
5
votes
1 answer

Where can I, as an individual, find clean programs to analyze?

This question includes a good list of sources where an individual might collect malware samples for analysis. I'd like to get a large number of public, non-malicious programs for the purpose of comparing various attributes to malware samples. I…
konsolas
5
votes
1 answer

How to investigate function calls across a batch of targets?

Say I have a collection of N executables, where N is large enough to make repetitive manual analysis tedious. I want to process all of these files and extract information about certain function calls, for instance from a malware analysis point of…
user1307
5
votes
2 answers

idapython - Determine if item is code or data

I need to determine whether an IDA's item is code or data. Sometimes, data resides in an executable's code section (virtual functions tables, switch tables and stuff). So in IDA, you can sometimes see this stuff in the code section: .text:100A1424 …
Aviv
5
votes
3 answers

Where can I find benign samples with a high potential to false positive?

In the pursuit and development of malware detection algorithms, often a big sample set of both malicious and benign samples is required. Both machine learning or similar automated techniques, as well as manual or partially manual signature…
NirIzr