Most Popular
1500 questions
337 votes, 16 answers
Is there any disassembler to rival IDA Pro?
Is there any disassembler (not only a live debugger) second to IDA in capabilities? IDA is wonderful, and somewhat amazing in how robust and useful it is for reversing. However, it is quite expensive to properly license. Is there any viable…

dyasta
141 votes, 2 answers
What is PLT/GOT?
From time to time, when disassembling x86 binaries, I stumble on
reference to PLT and GOT, especially when calling procedures from a
dynamic library.
For example, when running a program in gdb:
(gdb) info file
Symbols from "/home/user/hello".
Local…

perror
132 votes, 14 answers
Where can I, as an individual, get malware samples to analyze?
It seems that a popular use of software reverse engineering skills is to reverse malicious code in an effort to build better protection for users.
The bottleneck here for people aspiring to break into the security industry through this path seems to…

mrduclaw
123 votes, 2 answers
How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses?
I have GDB but the binary I want to reverse engineer dynamically has no symbols. That is, when I run the file utility it shows me stripped:
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux…

0xC0000022L
102 votes, 20 answers
Decent GUI for GDB
Learning the GDB commands is on my bucket-list, but in the meantime is there a graphical debugger for *nix platforms that accepts Windbg commands, and has similar functionality? For example, the ability to bring out multiple editable memory…

mrduclaw
93 votes, 9 answers
How do I reverse-engineer .so files found in Android APKs?
I know how to reverse-engineer normal Android APKs using tools like apktool and dex2jar, but I don't know how to work with obfuscation.
When I extract everything from APK, I get some Smali files (I tried JD-GUI, but the strings contained random…

Pervy Sage
87 votes, 3 answers
How are the segment registers (fs, gs, cs, ss, ds, es) used in Linux?
I try to understand the process of memory segmentation for the i386 and amd64 architectures on Linux. It seems that this is heavily related to the segment registers %fs, %gs, %cs, %ss, %ds, %es.
Can somebody explain how these registers are used,…

perror
76 votes, 9 answers
Analyzing highly obfuscated JavaScript
I was recently analyzing a web page that contained some highly obfuscated JavaScript - it's clear that the author had gone through quite a bit of effort to make it as hard to understand as possible. I've seen several variations on this code - there…

Adam Caudill
71 votes, 3 answers
What is the purpose of 'mov edi, edi'?
I see this instruction in the beginning of several Windows programs.
It's copying a register to itself, so basically, this acts as a nop.
What's the purpose of this instruction?

Mellowcandle
71 votes, 7 answers
What are the possibilities for reverse engineering an IPA file to its source?
I browsed a lot, but can't find any resources for reverse engineering an IPA file (iPhone application). Is there any method to reverse engineer an IPA file to its source? I've tried to rename it to zip and open it via Winrar/Winzip to view its…

BlueBerry - Vignesh4303
70 votes, 2 answers
What is DLL Injection and how is it used for reversing?
I was reading a discussion about dumping part of a process's memory and someone suggested using DLL injection to do this. I'll be honest in that I don't really understand. How does DLL injection work and what kinds of reversing tasks can…

user2142
66 votes, 4 answers
How can I analyze a potentially harmful binary safely?
I've recently managed to isolate and archive a few files that managed to wreak havoc on one of my client's systems. So I was wondering what software and techniques make the best sandbox for isolating the code and digging into it to find out how it…

Archenoth
64 votes, 6 answers
Where to find (free) training in reverse engineering?
Can someone give a list of websites with good (and free) reverse engineering training exercises?

perror
63 votes, 7 answers
What is a good Java decompiler and deobfuscator?
I am using JD-GUI to decompile Java JAR files, but the problem is that it leaves many errors, such as duplicate variables which I have to fix myself and check to see if the program still works (if I fixed the errors correctly).
I also tried…
user56
62 votes, 7 answers
Visualizing ELF binaries
I recently saw an older talk by Sergey Bratus and Greg Conti by the name of Voyage of the Reverser: A Visual Study of Binary Species.
Are there any opensource/free tools that one could use to see visual representations of the binaries that are fed…
user1743