Most Popular

1500 questions
18
votes
5 answers

Is there any simple open source Windows packer?

There are great questions here about different types of packers and that is very interesting to me. I would like to try my hand at reverse engineering one. Since I am very new to this, I would like the source code as well. I am hoping that by…
mikhailzhan
  • 183
  • 1
  • 5
18
votes
6 answers

In what industries is [code] reverse engineering used?

While we all know what fun reverse engineering of code can be, I am wondering what legitimate industries, besides the anti-X industry, reverse engineer code? While this may sometimes be needed in many technical roles, I am speaking more of jobs…
dyasta
  • 4,188
  • 3
  • 13
  • 17
18
votes
1 answer

Debugging with radare2 using two terminals

I have been trying to figure this out for quite some time now, and would really need some help. Firstly, some intro: I am running the newest version of radare2 from GitHub on a 64-bit Ubuntu 16.04 and have the following sample program…
ubnix
  • 1,073
  • 7
  • 15
18
votes
4 answers

Server-side Query interception with MS SQL Server

I'm researching into intercepting queries that arrive at the SQL Server 2008 process. The SQLOS architecture is divided into the following system DLLs: sqlmin.dll: storage, replication, security features, etc. sqllang.dll: Transact-SQL query execution…
Hernán
  • 283
  • 2
  • 5
18
votes
4 answers

How to generate the call graph of a binary file?

I have a non-stripped ELF binary for which I want to create a call graph as a dot file. Is there such a tool which generates the call graph? EDIT: Is there a way, in addition to the conventional call graph, to find a call graph between libraries based…
0x90
  • 677
  • 2
  • 7
  • 19
18
votes
6 answers

What is a free & open source alternative to IDA Pro for MacOS?

I am looking for a free & open source alternative to IDA Pro that runs on MacOS - the suggestions should have as close to the features of IDA as possible. I should also be able to edit an executable that I am debugging (i.e. change/remove things).
user20964
18
votes
1 answer

Approach to extract useful information from binary file

The purpose of this question is to gain an understanding of the concepts behind reverse engineering and to understand what approaches may be taken to extract useful information from a binary file. I've obtained an .hex file. Then I've converted it…
Light123
  • 195
  • 1
  • 1
  • 7
18
votes
3 answers

Automated tools for file format reverse engineering?

Are there any tools available to help automate the process of reverse engineering file formats? In particular, I'm interested in tools that use dynamic analysis of an application to parse the format, and less interested in visualization or hex…
Brendan Dolan-Gavitt
  • 2,888
  • 2
  • 19
  • 37
18
votes
2 answers

In which language is the BIOS written?

As I understand, the BIOS code/bitstream that is held in the ROM should be generic (work alongside multiple CPU types or ISAs). In addition, I saw mentions on the web that claim to have the possibility to dump its code (and to 'disassemble'…
Reflection
  • 403
  • 4
  • 7
17
votes
2 answers

"Raw" offsets to "disassembler" offsets?

This is a very silly question, but surprisingly I've had a problem with this today. In a hex editor, I've found an offset and I wanted to take a look at that code in a disassembler. In the hex-editor, the offset is EBE75, and it looks like…
user4520
  • 595
  • 8
  • 21
17
votes
4 answers

What are the essential IDA Plugins or IDA Python scripts that you use?

I'm a bit of a novice with IDA Pro, and have been discovering some of the excellent plugins available from the RE community as well as its vendors. My small list of plugins that I have found extremely valuable to me are: Hex-Rays Decompiler…
Mick
  • 7,562
  • 3
  • 26
  • 40
17
votes
4 answers

Obfuscating JavaScript with zero-width characters - pros and cons?

This comes from comments on a question on StackOverflow about JavaScript Variables: Why aren't ◎ܫ◎ and ☺ valid JavaScript variable names? JavaScript accepts zero-width characters as valid variable names, for example all three of these variables have…
James Donnelly
  • 273
  • 2
  • 9
17
votes
3 answers

Parsing/Rescuing corrupted IDA database

I'm reversing an application with IDA. My VM crashed and left the IDA database in a corrupted unpacked state. The next time I tried to load it back, IDA gave me the following error message: The input database is corrupted: CRC32 mistmatch.…
Dominik Antal
  • 2,038
  • 22
  • 39
17
votes
2 answers

Intercepting GSM communications with a USRP and GNU Radio

I would like to know what is needed to intercept GSM communications with a USRP (Universal Software Radio Peripheral) and using GNU Radio. Is there a tutorial about that? What type of USRP is recommended? Where to find technical documentation…
perror
  • 19,083
  • 29
  • 87
  • 150
17
votes
1 answer

COM interface methods

I'm reversing malware and it uses COM, which I evidently don't know. My question is how to find out what method is called using ppv (and objectstublessclient?) push offset ppv ; Address of pointer variable that receives the interface pointer…
astrophonic
  • 173
  • 1
  • 5