Most Popular
1500 questions
24 votes, 1 answer
What's 'fs:[0]' doing and how can I execute it step by step?
In a 32-bit Windows binary, I see this code:
push next
push fs:[0]
mov fs:[0], esp
int3
...
next:
I see that something happens on the int3 (an error), but I don't understand why, and how to follow execution while keeping…

Ange
24 votes, 3 answers
Advantages of OllyDbg 1 over OllyDbg 2
I see that most RE tutorials around the web that give RE examples use OllyDbg 1, even if the tutorial was written after the release of OllyDbg 2.
Is there any particular reason for that? Is version 2 too buggy, or were some of the features dropped?

Mellowcandle
24 votes, 1 answer
Objdump - How to output text (eg ASCII strings) alongside assembly code?
Aim: I want to take hex and ascii data (derived from a binary file using xxd) and use Objdump (or a suitable other tool that Linux comes with) to output the memory addresses / offsets, assembly code, and text data.
Currently I can get the offsets…

unseen_rider
23 votes, 1 answer
Static analysis of C++ binaries
When reverse engineering binaries compiled from C++, it is common to see many indirect calls to function pointers in vtables. To determine where these calls lead, one must always be aware of the object types expected by the this pointer in virtual…

user1354557
23 votes, 5 answers
What tools exist for excavating data structures from flat binary files?
Problem Statement
I have a file composed entirely of data structures; I've been trying to find a tool that will enable me to open this file, and declare (perhaps) a type and offset such that I may work with the presumed primitive data type…

gal
23 votes, 4 answers
Firmware analysis and file system extraction?
I'm trying to analyse the firmware image of a NAS device.
I used various tools to help the analysis (binwalk, deezee, signsrch, firmware-mod-kit which uses binwalk AFAIK), but all of them have been unsuccessful so far.
For example binwalk seems to…

Moustache
23 votes, 2 answers
How to reverse engineer simple usb device [windows -> linux]
I'd like to reverse engineer my USB beer-can refrigerator, which connects via USB on Windows and, via a simple GUI tray tool, can set/query temperature.
I was thinking about running virtualboxed driver and capturing usb communications via wireshark…

AoeAoe
23 votes, 1 answer
Get the function prototypes from an unknown .dll
I have an unknown .dll from another program which I want to work with. With DLL Export Viewer I was able to find the exported functions.
But to call them I need the information about the parameters and the return type.
Is there an easy way to…

samuirai
23 votes, 4 answers
When is applying reverse engineering techniques acceptable?
You all know there are people out there that use reverse engineering techniques to do bad things; this ranges from being able to use paid software for free (cracker) to finding vulnerabilities that allow them to do what they want when they want…

Tamara Wijsman
23 votes, 1 answer
Analyzing encrypted Android apps (.asec)?
I've been trying to reverse engineer a paid Android app that writes out some binary data so that I can export that data into other programs (it's a run/walk timer app, if anyone's curious, and I'm trying to get its GPS traces out). However, it looks…

Brendan Dolan-Gavitt
23 votes, 4 answers
Knowledge about CPU hardware
Recently, I took a computer organization course that explains at the logic gate level how a CPU works, etc.
Up until now I have been treating the CPU as a black box that runs assembly instructions, even when I was learning in my free…

user4906231
23 votes, 4 answers
What is "overlapping instructions" obfuscation?
I analyzed some x86/x86-64 binaries that use some obfuscation tricks. One was called overlapping instructions. Can someone explain how this obfuscation works and how to work around it?

perror
23 votes, 1 answer
How to organize vtables in IDA Pro?
I am using IDA Pro to disassemble a C++ behemoth with 1600+ classes, many of them having pure virtual methods.
Some classes also are made up of multiple base classes, in hierarchies 5+ levels deep.
IDA Pro supports making structures of pointers, to…

speeder
22 votes, 1 answer
How to debug the DLL of an EXE using IDA Pro?
I'm fairly new to the RE world; I started right around a week ago and have gotten my hands dirty with some really good stuff on this website. Pardon my naive knowledge.
Currently, I'm trying to reverse a DLL file of a certain EXE.
The EXE makes calls to…

Pramod Mohandas
22 votes, 4 answers
Check if exe is 64-bit
How can I check if a Windows executable is 64-bit by reading only its binary, without executing it and without using any tools like the SDK tool dumpbin.exe with the /headers option?

ST3