Most Popular

1500 questions
5 votes, 2 answers

IDA Pro list COM methods

I have a DLL file, containing some exported functions and COM methods. Here is my DLL information opened by DLL Export Viewer: But when I open the DLL file in IDA Pro, I see just exported functions and none of the COM methods are listed. How I can…
newmrd
5 votes, 2 answers

How to get IDA Pro to understand a virtual function table?

I'm reversing an old DirectDraw game that uses DirectX 7. I have a LPDIRECTDRAWSURFACE7 g_lpDDSBack and g_lpDDSBack->BltFast is being called but this is how it is decompiled in HexRays: (*(int (__stdcall **)(struct IDirectDrawSurface7Vtbl *, int,…
user16729
5 votes, 2 answers

Thought I found serial port - broke embedded device instead! Help?

Well another weekend has gone by and my tinkering has caused another device to (potentially) bite the dust. I've been playing around with a couple of Slingboxes, an M1 and a 500. Today was the M1. I had taken it apart (quite easily!) and poked…
justin
5 votes, 3 answers

Segmentation fault while pushing onto the stack

So I have been following some tutorials on assembly and the instructor compiles the following code: ;hello3.asm attempts to make the code position independent section .text global _start _start: ;clear out the registers we are going to need xor…
Dhayalan Pro
5 votes, 2 answers

Mapping Android resource IDs to resource string

I'm trying to reverse engineer an Android app. I've tried using several decompilers, and while I'm getting java source codes to varying levels of accuracy, I'm not able to convert the resource IDs to the resource strings. In the Java source, all I'm…
user1118764
5 votes, 2 answers

reverse engineering methodology

I'm new to reverse engineering and I'm following the online course provided by the opensecurity.info site. The author provides a methodology for reverse engineering. He recommends to find a function of interest and pseudo code it. From the wording…
Othman
5 votes, 3 answers

QEMU & router firmware

I'm trying to get the router firmware (binary) running on QEMU (if that is possible). All networking is set up fine because I've tested it using the debian_wheezy_mips_standard.qcow2 sudo qemu-system-mips -M malta -kernel vmlinux-3.2.0-4-4kc-malta…
user15945
5 votes, 3 answers

IDApython and IDA-decompiler commenting

Looking at the functions exposed by idaapi I see that functions like the following are exposed. get_user_cmt set_user_cmt save_user_cmts As these functions are exposed I'm hoping that I have a way to add comments onto the hex-rays decompiler using…
user1743
5 votes, 1 answer

Reverse engineering Android vendor system apps

I'm trying to reverse engineer certain Samsung system apps in the Galaxy S6 firmware system image, such as KnoxAttestationAgent.apk. I'm a noob when it comes to reverse engineering, and so far my attempts have been unsuccessful. Here's what I've…
user1118764
5 votes, 3 answers

List of x86/x64 instructions that implicitly access registers

So I am looking for a list of instructions that implicitly do stuff like reading or writing to registers. Obvious ones would be push/pop modifies esp, pushad accesses all but I'm sure there are more. Does someone know of a comprehensive list? edit:…
bernd feinman
5 votes, 0 answers

I'm trying to debug small mips code snippets in IDA with QEMU as debugger, but only NOP instructions show when I start the process

I followed the tutorial IDA Help: Debugging code snippets with QEMU. It always worked with ARM code, but now I have to reverse some MIPS and only nops are displayed like this: Should I adjust something on the memory map? As you can see, the code is…
5 votes, 1 answer

How to display dump data in IDA Debugger?

Bit of a noob question, I'm working through some examples on crackmes. In Ollydbg and x64dbg, in the stack, disassembler and registry windows, there are texts to show values of memory locations, for instance: I would have thought IDA would have had…
JamieS
5 votes, 1 answer

Question about Keeloq - A car remote control standard

I have a question about Keeloq security. I have an original car remote controller (BFT Mitto 2) and I know this chip uses HCS301 with Keeloq implementation. I would like to clone this remote for my girlfriend because it's very expensive to buy a new…
konova
5 votes, 1 answer

Obfuscated AES decryption assembly

I have recently been sifting my way through a whole load of assembly to try to identify how a program is decrypting some data. Thus far I have identified how the IV is extracted, that the IV is 16 bytes long and that the decryption method uses…
Joshua
5 votes, 1 answer

In Ollydbg, how do I change the path to a source code file without recreating entire directory structure?

I am bringing a .EXE, a .PDB, and a source code .C file into my computer and attempting to look at my program in Ollydbg. I am compiling C programs on one machine (XP VM actually) and running them in Ollydbg 2.01 in Windows 7 on another machine. I…
Markbotix