Most Popular
1500 questions
15
votes
3 answers
Which calling convention to use for EAX/EDX in IDA
I have some code (I assume Delphi) which uses only the EAX and EDX register for passing the arguments (and of course the stack if more are required). I looked which calling conventions would match, but I haven't found one which uses only EAX and…

Devolus
- 963
- 1
- 10
- 21
15
votes
3 answers
How do exploit writers find bugs in the Java Machine?
My question is about Java exploits, for example this one: https://www.us-cert.gov/ncas/alerts/TA13-010A (exploit available here http://www.securityfocus.com/bid/57246/)
The victim should visit the site and agree to run the applet on your computer.…

jyz
- 498
- 2
- 12
15
votes
3 answers
How to decompile Linux .so library files from a MS-Windows OS?
I would like to decompile the Linux .so files.
Any tool to decompile .so files in an MS-Windows based operating system?
Any tools/methods to decompile .so files ?

BlueBerry - Vignesh4303
- 1,097
- 2
- 11
- 15
15
votes
4 answers
Reverse engineering compressed file, where to start?
I want to open a Finnish sports league "data file" used for bookkeeping. It includes all statistics for a few decades, so it's an interesting data file.
The file is here: http://www.bittilahde.fi/Tietokanta.dat (Database.dat in English)
The bookkeeping…

Harriv
- 253
- 2
- 6
15
votes
3 answers
How do AV vendors create signatures for polymorphic viruses?
I was working on a hobby AV project using ClamAV's engine. While ClamAV is a good open source engine, it has poor support for detecting polymorphic viruses. The latest updated version failed to detect many instances of Virut and Sality. How do…

shebaw
- 685
- 6
- 13
15
votes
4 answers
E Ink display interface protocol
I am particularly interested in the ED060XC3 that is in the kindle paperwhite (I think that is the right one anyway).
I can't find a freely available datasheet. Would it be possible to reverse engineer a driver from the kindle firmware?
There are…

cb88
- 2,320
- 2
- 18
- 33
15
votes
3 answers
Difference between DllMain and DllEntryPoint
I have a piece of malware to analyze. It is a DLL according to the IMAGE_FILE_HEADER->Characteristics. I was trying to do some dynamic analysis on it. I have done the following:
Run it with rundll32.exe, by calling its exports. Nothing.
Changed the…

k0ng0
- 491
- 2
- 4
- 11
15
votes
4 answers
Debugging malware that will only run as a service
I'm trying to debug a malware sample that installs to a system as a service and then will only start if it starts as a service. Other functions are still available without the service start, like configuring or installing under a different name.
I'm…

RcketCalf
- 153
- 1
- 4
15
votes
3 answers
What different UPX formats exist and how do they differ?
Recently I asked a question about detecting UPX compression. 0xC0000022L wanted to know if it was plain UPX. However, until that point I was only aware of plain UPX. So my question is:
What versions/modifications of UPX exist?
How do they differ?…

qbi
- 527
- 1
- 4
- 16
15
votes
4 answers
Purpose of test eax,eax after a strcmp
This is my first program I am trying to reverse and my intro to this field.
The C program will test if two strings match, and it will printf() a message for each occasion.
This is what the reversed code snippet looks like:
call strcmp //compares the…

user1584421
- 253
- 1
- 2
- 6
15
votes
2 answers
What are the different types of packers?
I know the basic principle of a packer. Basically, it is a small routine launched at the beginning of the program that decompresses the actual program and jumps to it once achieved.
Yet, it seems that there are quite a lot of variations around this…

perror
- 19,083
- 29
- 87
- 150
15
votes
7 answers
How to see what data is being transmitted when an application calls home?
Always wondered how it would be possible to see what data is being transmitted back and forth with an application that calls home.
Let's say we emulate the server via host file redirect. Would it be possible to see what requests are being made by…

GuYY
- 153
- 1
- 1
- 5
15
votes
3 answers
Reverse engineering a Visual Basic p-code binary
p-code is the intermediate code that was used in Visual Basic (before .NET). I would like to know where I can find resources/tools related to analysis of these virtual machine codes.

viv
- 784
- 1
- 4
- 17
15
votes
2 answers
Where can I learn more about black-box fuzzing of small embedded systems?
Fuzzing has become a very commonplace technique used for software testing and is heavily used to find security problems. There are many frameworks (Sulley, Peach Fuzzer etc.) that are geared up for fuzzing large, complex software systems. I have not…

Cybergibbons
- 1,762
- 2
- 17
- 26
15
votes
2 answers
How does a SIM card work?
I understand that a SIM card has memory, and that some or maybe all of them also include microprocessors.
They act as peripherals that are more than just flash memory.
I would like to be able to read the contents and extract my contacts and…

SDsolar
- 329
- 1
- 4
- 17