Most Popular

1500 questions
16 votes, 1 answer

IDA EBP variable offset

Let's take a look at how IDA displays the address of a local variable. For instance: MOV EAX, [EBP + var_4] As we all know, as far as local variables go, they are located at lower addresses than EBP. Though, I have been taking it for granted and…
PSS
16 votes, 3 answers

Are there any metrics for code obfuscation?

Is source code obfuscation quantifiable? Are there any metrics that measure the degree of obfuscation in a source file?
asheeshr
16 votes, 7 answers

What are the tools used for reverse engineering Android APKs?

Currently, I only know about apktool. But are there any tools that help in checking the code, editing it and compiling it back to an APK?
Daniel Mana
16 votes, 3 answers

Are hardware dongles able to protect your software?

Various software companies distribute their software with hardware security, usually a dongle which must be mounted in order for the software to operate. I don't have experience with them, but I wonder, do they really work? What is it that the…
Mellowcandle
16 votes, 3 answers

Dynamic Java instrumentation?

This is not strictly 'reverse engineering', it's mostly related to dynamic instrumentation. So, in the same fashion as strace which allows you to see syscalls made by a process, or ftrace to see function calls, is there anything similar for…
JavaSec
16 votes, 4 answers

INT 2D Anti-Forensic Method

Inclusion of an INT 2D instruction appears to be a fairly common anti-debugging tactic used by Windows malware authors. From what I understand, it causes a process to act differently when a debugger is attached from when it is not attached. I have…
lynks
16 votes, 1 answer

What are the Vectored Continue Handlers?

Practically everyone knows what Vectored Exception Handlers are, but I couldn't find a lot of information about the similar "Vectored Continue Handlers" and related functions I encountered today, such as AddVectoredContinueHandler and…
NirIzr
16 votes, 1 answer

Malware Hooking INT 1 and INT 3

I understand that on x86, INT 1 is used for single-stepping and INT 3 is used for setting breakpoints, and some other interrupt (usually 0x80 for Linux and 0x2E for Windows) used to be used for system calls. If a piece of malware hooks the…
mrduclaw
16 votes, 2 answers

Decoding an unknown image format with "DREK" signature (*.drk)

There are some unknown images, which I would like to decode to RRGGBBAA format. It was really hard work, but at the moment I can somewhat understand which part of the binary is responsible for what. But I'm stuck at the end, and I have no…
Iter Ator
16 votes, 2 answers

Is there an actively maintained collaboration plugin for IDA?

There are many IDA Pro plugins that assist with collaboration, but are any actively maintained and known to work with the latest version of IDA (version 6.9)? These are the tools that I'm aware of, and none of them are actively maintained. CrowdRE…
Reverser
16 votes, 1 answer

Debugging third-party Android APKs

What are some ways to debug third-party Android apps (apps you don't have the source code to)? I would like to step through the APK instruction by instruction, and possibly set breakpoints on certain APIs or certain smali instructions. I've tried…
gsgx
16 votes, 2 answers

How do I work out the Ultranet protocol?

Ultranet is an audio protocol that allows low-latency audio with many channels to be transmitted over standard Ethernet cables. For instance you might have a Midas sound desk transmitting audio packets to a chain of personal mixers on a stage. There…
fret
15 votes, 1 answer

Looking for exported symbols in a DLL with objdump?

I am a man full of contradictions: I am using Unix and, yet, I want to analyze a Microsoft Windows DLL. Usually, when looking for symbols in a dynamic or static library in the ELF world, one can either use nm or readelf or even objdump. Here is an…
perror
15 votes, 1 answer

Treating independent code as a function in IDA Pro

When reverse engineering programs, I often find functions like the one below. This function in particular has a set of nested if/else blocks (pink boxes) which would typically be fairly easy to follow. When code executes at the blue box however,…
amccormack
15 votes, 2 answers

Is there a good reference for COM object signatures?

When doing RE on some Microsoft binaries I run across COM object references all the time. Is there a good central place to translate some of the GUIDs that I find to some sort of object type without having to follow it back to some known parent…
Modoc