Most Popular

1500 questions
37 votes, 5 answers

Why would a program contain a call instruction targeting the address immediately following that instruction?

While reversing a 32bit Mach-O binary with Hopper, I noticed this peculiar method. The instruction on 0x0000e506 seems to be calling an address right below the instruction. What would be the reason for this? Is it some kind of register cleaning…
Daniel Sloof
37 votes, 3 answers

How can I reverse optimized integer division/modulo by constant operations?

When compiling a division or modulo by a constant, my compiler (LLVM GCC) generates a series of instructions that I don't understand. When I compile the following minimal examples: int mod7(int x) { return x % 7; } int div7(int x) { return…
Dougall
37 votes, 3 answers

How do I figure out what is burned on an Arduino ROM?

I have an Arduino Uno Rev3. I would like to extract and find out what code is burned on the ROM of the micro-controller board. How do I extract the code from the board? How do I figure out the original source code that went into the hex file?
asheeshr
36 votes, 8 answers

Reverse engineering T-Disk barcodes for Tassimo coffee makers

In hope this is appropriate I have a Bosch Tassimo TAS2002EE coffee maker that uses T-Disks. Those contain coffee/milk/something else, and a barcode that is supposed to tell the machine how to deal with the disk. What I want to do is understand the…
GSerg
34 votes, 4 answers

How to reverse engineer a Windows 10 UWP app?

I wanted to see what Microsoft are doing when you click "Restart now" button in their Settings -> Update window on Windows 10: Somehow the results are not the same what is available via InitiateSystemShutdownEx or InitiateShutdown WinAPIs,…
c00000fd
34 votes, 7 answers

What hints in machine code can point me to the compiler which was used to generate it?

When I am looking at the machine code of an application, are there hints and patterns I can discern from the generated machine code which would indicate which compiler (and possibly version) was used to generate it? Does knowing the compiler used to…
WilliamKF
33 votes, 5 answers

Open source GUI tool for decomposing a PDF

I've been looking for an open-source GUI tool to extract PDF's in an automated way on Windows systems. I've used Didier Steven's tools with great interest for a while, but cannot make sense of how to use his PDF decomposing/analyzing tools, even…
Lizz
33 votes, 4 answers

How do I identify and use JTAG?

I'm a software guy through and through. But periodically when I'm taking apart hardware I know to look for JTAG ports and RS232 ports. So far I've always been lucky and have been able to solder on pins to the RS232 port and get a serial…
mrduclaw
32 votes, 5 answers

What is a good tool to reverse the effects of Minify on JavaScript?

Are there any scripts and/or online tools that can reverse the effects of minification? I'm specifically looking to unminify a minified JavaScript file. Variable renaming is not a big issue, I want it sufficiently readable to be able to analyze the…
WPrecht
32 votes, 5 answers

Why there are not any disassemblers that can generate re-assemblable asm code?

I am struggling on this problem for around three months: How to use disassemblers (IDA Pro and others...) to generate re-assemblable asm code and assemble it back My experience is that: There is NO tool that can generate re-assemblable asm code on…
lllllllllllll
32 votes, 4 answers

Why are machine code decompilers less capable than for example those for the CLR and JVM?

Java and .NET decompilers can (usually) produce an almost perfect source code, often very close to the original. Why can't the same be done for the native code? I tried a few but they either don't work or produce a mess of gotos and casts with…
Rolf Rolles
32 votes, 9 answers

Decompiling a 1990 DOS application

I have some crucial data written decades ago by an ancient 16bit DOS application. There are no docs, no source, and no information about the author. Just the 16 bit exe. I guess it's time for me to learn how to decompile stuff, since it seems the…
ScumCoder
32 votes, 5 answers

What is the meaning of movabs in gas/x86 AT&T syntax?

I just found a strange instruction by assembling (with gas) and disassembling (with objdump) on an amd64 architecture. The original amd64 assembly code is: mov 0x89abcdef, %al And, after gas compiled it (I am using the following command line: gcc…
perror
32 votes, 5 answers

Why is disassembly not an exact science?

Newbie here. From Wikipedia Disassembly is not an exact science: on CISC platforms with variable-width instructions, or in the presence of self-modifying code, it is possible for a single program to have two or more reasonable disassemblies.…
Einar
32 votes, 5 answers

How do I acquire SoftICE?

I have seen mentions of SoftICE on various questions throughout this site. However, the Wikipedia article on SoftICE implies that the tool is abandoned. Searching google, I see many links claiming to be downloads for SoftICE, but they seem to have…
amccormack