Most Popular

1500 questions
5 votes, 1 answer

How to change address in the hex view in IDA debugger?

I'm just learning the IDA Pro debugger, so I apologize if this is something simple. Say I opened a debuggee process and started stepping through it with a debugger (WinDbg) and then want to look up the contents of memory. How do I change the…
c00000fd
5 votes, 1 answer

What is the command to "go to current statement" in IDA debugger?

I'm trying to learn how to use the IDA Pro debugger (having used Visual Studio's C++ debugger for years) and I'm struggling to find how to switch the code/asm view back to the current instruction that the debugger broke on. Similar to the "Show next…
c00000fd
5 votes, 2 answers

Radare2 forwarding input to scanf from a file

I'm debugging a file with radare2, and when I come to the scanf function I want to forward input from a .txt file. In gdb I would do this by typing r < text.txt. Is something like that possible in radare2? I've tried dc < text.txt but it seems that it's…
newbie
5 votes, 1 answer

How can packers work despite mechanisms like Data Execution Prevention?

Modern operating systems have memory protections such as Data Execution Prevention, a No-Execute bit for data pages, a read-only bit for text/code sections, etc. I don't understand how packers work when these memory protections are in place. Where do the…
anilmwr
5 votes, 1 answer

Why is ASLR not activated though IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set?

Even a minimal console Delphi program that has IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE set in its PE image does not use ASLR. GetProcessMitigationPolicy() returns a PROCESS_MITIGATION_ASLR_POLICY of 0. Consequently ProcessHacker (which uses this…
musings
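Added example (C; not from the question or from any answer on the page): a header check worth running before blaming the OS. The Windows loader can only rebase an image that still carries relocation data, so when IMAGE_FILE_RELOCS_STRIPPED is set in the COFF header, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is ignored and the image loads at its preferred ImageBase, which is exactly what a PROCESS_MITIGATION_ASLR_POLICY of 0 reflects. Some linkers strip .reloc from EXEs because a non-relocatable executable never needs it. The parser below reads both flags straight from the PE headers; the two images it inspects are constructed in the code, not taken from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_FILE_RELOCS_STRIPPED               0x0001  /* COFF Characteristics */
#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020  /* Optional header DllCharacteristics */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    0x0040

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

struct pe_aslr_info {
    uint16_t file_characteristics;  /* IMAGE_FILE_HEADER.Characteristics */
    uint16_t dll_characteristics;   /* IMAGE_OPTIONAL_HEADER.DllCharacteristics */
    int is_pe32plus;
};

/* DOS header -> "PE\0\0" -> COFF header -> optional header.
 * Returns 0 on success, -1 if the buffer is not a well-formed PE image. */
int pe_read_aslr_info(const uint8_t *buf, size_t len, struct pe_aslr_info *out) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t e_lfanew = rd32(buf + 0x3C);
    /* need signature (4) + COFF header (20) + optional header up to DllCharacteristics (72) */
    if (e_lfanew > len || len - e_lfanew < 4 + 20 + 72) return -1;
    const uint8_t *nt = buf + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return -1;
    const uint8_t *coff = nt + 4;
    if (rd16(coff + 16) < 72) return -1;            /* SizeOfOptionalHeader */
    const uint8_t *opt = coff + 20;
    uint16_t magic = rd16(opt);
    if (magic != 0x10B && magic != 0x20B) return -1; /* PE32 / PE32+ */
    out->is_pe32plus = (magic == 0x20B);
    out->file_characteristics = rd16(coff + 18);
    out->dll_characteristics = rd16(opt + 70);       /* same offset in PE32 and PE32+ */
    return 0;
}

/* 1 = the loader will randomise the base, 0 = it will not, -1 = malformed image. */
int pe_aslr_effective(const uint8_t *buf, size_t len) {
    struct pe_aslr_info info;
    if (pe_read_aslr_info(buf, len, &info) != 0) return -1;
    if (!(info.dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)) return 0;
    if (info.file_characteristics & IMAGE_FILE_RELOCS_STRIPPED) return 0; /* nothing to rebase with */
    return 1;
}

/* Constructed header-only image for the example (no sections, no code). */
static size_t build_pe(uint8_t *buf, uint16_t magic, uint16_t file_chars, uint16_t dll_chars) {
    uint16_t opt_size = (magic == 0x20B) ? 112 : 96;  /* optional header without data directories */
    uint16_t machine  = (magic == 0x20B) ? 0x8664 : 0x014C;
    size_t total = 0x40 + 4 + 20 + opt_size;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;                               /* e_lfanew */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *coff = buf + 0x44;
    coff[0]  = (uint8_t)machine;    coff[1]  = (uint8_t)(machine >> 8);
    coff[16] = (uint8_t)opt_size;   coff[17] = (uint8_t)(opt_size >> 8);
    coff[18] = (uint8_t)file_chars; coff[19] = (uint8_t)(file_chars >> 8);
    uint8_t *opt = coff + 20;
    opt[0]  = (uint8_t)magic;       opt[1]  = (uint8_t)(magic >> 8);
    opt[70] = (uint8_t)dll_chars;   opt[71] = (uint8_t)(dll_chars >> 8);
    return total;
}

/* DYNAMIC_BASE set, relocations stripped: the flag is present but ineffective. */
int relocs_stripped_image(void) {
    uint8_t img[256];
    size_t n = build_pe(img, 0x10B, IMAGE_FILE_RELOCS_STRIPPED, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE);
    return pe_aslr_effective(img, n);
}

/* Same flag with relocations kept (and high-entropy 64-bit ASLR): randomised. */
int relocatable_image(void) {
    uint8_t img[256];
    size_t n = build_pe(img, 0x20B, 0,
                        IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA);
    return pe_aslr_effective(img, n);
}

int truncated_image(void) {
    uint8_t img[16] = {'M', 'Z'};
    return pe_aslr_effective(img, sizeof img);
}

int main(int argc, char **argv) {
    if (argc > 1) {  /* inspect a real file: only the headers are needed */
        uint8_t hdr[4096];
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        size_t n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
        printf("%s: ASLR effective = %d\n", argv[1], pe_aslr_effective(hdr, n));
        return 0;
    }
    printf("relocs stripped: %d, relocatable: %d, truncated: %d\n",
           relocs_stripped_image(), relocatable_image(), truncated_image());
    return 0;
}
```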
5 votes, 3 answers

How to backport a Vista program to XP without source code?

Generally, when I have a Vista application it upgrades a few functions from kernel32.dll, most often InitializeCriticalSection -> InitializeCriticalSectionEx. Is it possible to backport such a program, besides changing the linker OSVersion? Edit: Just to be verbose,…
5 votes, 0 answers

Static Address in Dynamically Loaded DLL

I am trying to re-write the following function in my injected DLL.
    mov edi,edi
    push ebp
    mov ebp,esp
    mov eax, [sound.dll+1AE0]
    push eax
    mov ecx,[ebp+08]
    mov eax,[ecx]
    mov eax,[eax+0C]
    push eax
    call sound.dll+7C640
    pop ebp
    ret 0004
I am loading my…
fred26
5 votes, 1 answer

How to read these UV coordinates?

I'm trying to reverse engineer 3D models (cars) from a racing game from 1997 (Test Drive 4). I'm able to extract the 3D mesh and textures, but cannot figure out how UV mapping works yet. There is only one file per car which contains everything (3D…
Midas
5 votes, 1 answer

Understanding subtle differences between addressing modes in x86

I'm trying to get a whole picture of all the possible addressing modes of x86 instructions. Starting from this, I studied the Intel IA-32 reference and multiple secondary references found online. I'd like to understand them correctly, so here's my…
Jack
5 votes, 2 answers

What do the 20 lines of executable code in this exploit do?

I stumbled upon these 31 bytes of Linux x86_64 polymorphic execve shellcode, posted by the author "d4sh&r". The code seems to be a combination of assembly and C and looks like this: /* ;Title: polymorphic execve shellcode ;Author: d4sh&r ;Contact:…
x457812
5 votes, 0 answers

Reverse engineering a hydrometer's Bluetooth communication

This is a very specific question. I'm currently working on a project to create an Android application capable of reading the values of a hydrometer via Bluetooth. From reading the datasheet, I suspect the hydrometer uses serial communication. First…
Rui Lima
5 votes, 0 answers

Can IDA generate C code for ASM assembly without the binary?

Let's say I have this picture of some assembly: Now, I know how to manually transform this assembly into C code because it is small, but is it possible for IDA to convert this into C code? Ideally I would write parts of the assembly or the entire thing…
Mo Beigi
5 votes, 2 answers

Reversing Hisense TV Firmware

I am looking for methods to get root on my Linux smart TV. Does anyone have any ideas? I want to try to extract the kernel config. Hisense is no help when asked for the GPL source. I ran Metasploit against it and had no luck; it did find some open ports for…
Bob R
5 votes, 2 answers

OllyDbg terminated while loading DLL

When I try to load a DLL of a game client I get this error: How can I completely load this DLL?
Ranastic
5 votes, 1 answer

Writing an exploit for a sample application

I understand the principles of exploiting a classical stack-based buffer overflow, and now I want to practice it. Therefore I wrote the following test application: #include #include #include void public(char *args)…
JDoens