Highest Voted Questions - Reverse Engineering Stack Exchange

4

votes

3 answers

compiled binary - what do disassembled instructions correspond to in C/C++ source (Linux GCC)

sorry about the messy title! Basically here's what I want to know. This might sound a bit silly but, if you have a disassembled instruction say: jz 0x8048e1a and you also have the source code, how do you go about figuring out what this instruction…

asked Jul 02 '14 at 14:57

Faheem

191
1
1
6

4

votes

1 answer

ELF counterpart for IDA Pro PE utilities

I'm interested in patching ELF files using IDA and the following PE utilities have proven very useful for patching PEs. Does anyone know if there are some publicly available IDA scripts similar to Atli Mar Gudmundsson's set of PE utilities, but for…

asked Jul 07 '14 at 12:23

Benny

828
7
18

4

votes

0 answers

How to find a login packet structure (client-side only)?

As Google did not yield any results, I decided to ask it here. I'd like to reverse the login sequence of a game (using gamespy). In this login sequence, first the game uses the gamespy protocol (that can be easily resolved with Aluigi's…

asked Jul 03 '14 at 19:36

Speed

41
1

4

votes

6 answers

How to match disassembled instructions back to C/C++ source?

Basically here's what I want to know, if you have a disassembled instruction say: jz 0x8048e1a And, you also have the source code. How do you go about figuring out what this instruction relates to in the source code ? At the very least, would it be…

asked Jul 02 '14 at 15:15

Faheem

191
1
1
6

4

votes

2 answers

Setting an IDA function pointer in a struct via script

The ordinary, manual way of redefining a struct member to become a function pointer would be to press on it, hit 'Y', and enter the proper declaration in the popup box. For example, for struct member fncQuery, I would change the string to: BOOL…

asked Jul 01 '14 at 16:52

Sleeptime

147
1
8

4

votes

1 answer

Can EiNSTeiN "ida-decompiler" be linked into The IDA Free version?

Is it possible to change the configuration of IDA Free so that Python may be linked into it to allow Python plugins to be used also? And, does anyone know if the EiNSTeiN ida-decompiler works under IDA Free? I read that ida-decompiler is for…

decompiler

asked Jun 28 '14 at 19:02

user4069

151
1
3

4

votes

3 answers

How to use IDC to clear output window in IDA Pro?

As a beginner I'm trying to use IDC to clear output window in IDA Pro,but I don't know which function will work. My IDA Pro version is 6.1.

ida

asked Jun 25 '14 at 01:38

user6903

411
4
11

4

votes

3 answers

IDAPython: Get struct id defined at an address

Spotted an interesting problem when trying to determine which type of structure (since isStruct(getFlags(ea)) returns True) is defined at the given address in the DB. Reading through idc.py didn't help much. Define a struct in the "structures"…

idapython

asked Jun 24 '14 at 14:06

Dmitry Janushkevich

493
3
14

4

votes

2 answers

Image base of unknown file format?

As a beginner I'm trying to load an unknown format binary file with IDA Pro,but I don't know the Image Base of this file. Are there any methods to get the Image Base. Could you also reference related papers in your answer.

asked Jun 23 '14 at 03:13

user6903

411
4
11

4

votes

2 answers

Manipulate EIP in Immunity Debugger

I just was playing around with Windbg, debugging some application. At some point I had to manipulate EIP which was pretty easy in Windbg. But then once I switched back to Immunity, I could not figure out how to do the same thing. Is there some way…

asked Jun 13 '14 at 09:05

Dirk

443
1
5
13

4

votes

2 answers

Corpus Distillation

Anyone know of any tools or scripts that can help in corpus distillation ? I know of Peach Minset, but not other than that. Appreciate if anyone could share.

asked Jun 08 '14 at 20:49

d123

201
1
6

4

votes

1 answer

How can a format string vulnerability be used to write a specific string into memory?

I think I understand how a format string vulnerability works, but what I have seen so far it can only be used to increase the value of an integer. Can format string vulnerability also be used to write anything else? And, by the way, are there…

asked May 30 '14 at 15:31

newbie2463465

43
1
3

4

votes

0 answers

Need help figuring out compression used on a PKDPX file from a Nintendo DS game

So, I've been working on reversing several file formats from the Nintendo DS game Pokemon Mystery Dungeon: Explorers of Sky. So far most formats were pretty easy to reverse, until I stumbled on a compressed format using a header I've never seen in…

asked May 29 '14 at 17:16

Psy_commando

41
2

4

votes

2 answers

Where the pointer to virtual function table is located?

I used to think that the pointer to the Virtual Function Table (VFT, also Virtual Method Table, VMT) is the very first 32-bit word of the object binary representation. But now I see a VFT whose index is 13 (!!!!), that is, offset=0x34. (I write…

asked May 23 '14 at 12:58

18446744073709551615

595
1
6
16

4

votes

5 answers

Transforming an assembly line into C

When I see the assembly line: MOV ESI, DWORD PTR DS:[EBP+0x8] And, when Ollydbg shows me that [EBP+0x8] = 00000000, then can I write it in C like this: int *esi = NULL; Or, should I use the stack address EBP + 0x8 which is 0x0012FF43 and write…

asked May 23 '14 at 01:41

user3097712

1,541
1
25
44

Most Popular