Most Popular
1500 questions
17 votes, 4 answers
How do I get the location of the original audio/video file embedded on a webpage?
Some sites like The Free Dictionary, and many other translation and pronunciation services, offer a little icon next to the word so you could hear its pronunciation.
How can I figure out the source for an audio/video embedded file on a webpage?…

H0ward R0ark
17 votes, 3 answers
How to debug an IDAPython script from within IDA?
IDAPython is a great plugin in IDA. It is so handy to write a small script to decode, decrypt or fix (patch) a binary in IDA. I can just write, load and run a script, and can use print for the usual shotgun debugging. But when I develop a bigger…

huyna
17 votes, 2 answers
What purpose of mov %esp,%ebp?
When execution enters a new function by performing call I do often see this code template (asm list generated by Gnu Debugger when in debugging mode):
0x00401170 push %ebp
0x00401171 mov %esp,%ebp
0x00401173 pop %ebp
So what's the…

PaulD
17 votes, 4 answers
USB Dongle Traffic Monitoring
How can I monitor a USB dongle's traffic? I would like to see how a program and its USB dongle talk to each other, if it is possible replay this traffic?
Since I am new to this type of thing, any tutorial or tool suggestion is welcome.

Atilla Ozgur
17 votes, 4 answers
How can you reliably unpack a Windows driver manually?
When you unpack manually a Windows user-mode executable, you can easily break at its EntryPoint (or TLS), then trace until you reach the original EntryPoint. However that's not possible with a packed driver.
How can you reliably unpack a Windows…

Ange
16 votes, 2 answers
In a Mach-O executable, how can I find which function a stub targets?
Before exposing my problem, here's my understanding of the whole thing, so that you may correct me if I'm saying something wrong.
In a Mach-O file (at least on x86), the __TEXT.__stubs section typically has stubs in it that all consist of a single…

zneak
16 votes, 5 answers
Are there any open source test suites for testing how well a disassembler performs?
A key tool in reverse engineering is a good disassembler, so to ensure that a disassembler is performing properly, are there any good test suites available for use to test the correctness of a disassembler? Are these architecture specific, or can…

WilliamKF
16 votes, 3 answers
Code Coverage - Fuzzing
I have been fuzzing Adobe Reader lately.
One of the issues that I face is code coverage. How do I determine that I have covered all the basic blocks in Adobe Reader and its libraries?
Is there any script or tool to find basic blocks of all selected…

john4tech
16 votes, 3 answers
Purpose of OR EAX,0xFFFFFFFF
I have read the assembly line
OR EAX, 0xFFFFFFFF
and in the register EAX the program has stored a string. I have problems understanding how we can make a comparison with a string and a value like that.
After performing that instruction, EAX has…

user3097712
16 votes, 1 answer
How to deobfuscate an obfuscated javascript file like this?
I'm having serious problems deobfuscating a JavaScript file at work. This file is inside a web app that I was left in charge to improve it. The problem is that I can do it without having access to this file and the previous programmer that…

MaizerG
16 votes, 6 answers
Decompilation techniques for DOS .COM files
I've found a binary copy of a DOS freeware game I was fond of back in the day (Firefighter, downloadable as FIRE.COM) but the source code is not available. I'd like to re-implement it in C or Python using Unix curses and while I'm fully competent to…

ESR
16 votes, 4 answers
Open-Source library for Complete Binary Disassembly
One of the major hurdles of x86 disassembly is separating code from data. All available open-source disassembly libraries only perform a straight line disassembly (starts from the top and skips errors by 1 byte), compared with OllyDBG which apparently…

3asm_
16 votes, 2 answers
Determining the serial port protocol of a typewriter
How can I determine the serial protocol of an electric typewriter? Some electric typewriters have a serial port in the back and it is a shape that is not commonly used today. I am planning on interfacing the typewriter with an Arduino and using it as a…

kyle k
16 votes, 4 answers
How to recover variables from an assembly code?
Assuming we have an assembly code, what are the known techniques that could be used to recover the variables used in the original high-level code?
Edit: By recovering variables, I do not mean recovering variable names, but trying to identify memory…

perror
16 votes, 2 answers
Extract SquashFS filesystem with shsq magic number
For a few days I was trying to extract the filesystem of a router firmware. Checking the image that the vendor provides I can see a SquashFS flag on it:
DECIMAL HEX …

Nucklear