Proxy for TCP/UDP connections from embedded device to Internet

I have an embedded device which connects to the Internet using TCP and UDP using custom protocols on a series of ports along with DHCP, DNS, NTP and ICMP pings. It has two interfaces - a GPRS modem and an Ethernet socket. I would like to build a…
Cybergibbons

OllyDebugger How to use Find Sequence of commands with wildcard 32bit registers

Let's say I want to find all the MOV EAX, 1234h MOV WORD PTR[EBP+ADDR], AX But it won't be always EAX or EBP+ADDR How do I wildcard search like MOV ???, 1234h MOV WORD PTR[???+ADDR], ?? I tried MOV ANY, 1234h MOV WORD PTR[ANY+ADDR], ANY MOV ?,…
SSpoke

How do you compare C source code with the corresponding binary's assembly in IDA Pro?

I'm wondering if there's a way to compare source code to the disassembled assembly in IDA Pro? (e.g. I compile hello.c in Linux then open the binary in IDA Pro in OS X, and would like to compare the assembly with the source to make it easier to find…
trusktr

Is it possible to (heuristic) identify the begin addr of main function in a stripped ELF?

So basically I am working on some stripped dynamically linked ELF binaries (32 bit Linux x86), using objdump to disassemble them, modifying and trying to reassemble them. In the unstripped binary, we can get the beginning address of main function based…
lllllllllllll

Unpacking a Digi Connect ME bin file

I'm working with a Digi Connect ME serial to Ethernet bridge, which runs a "Plug and Play" firmware by default. The specific product page is here. The part number is DC-ME-01T-S. It appears to be an ARM based board - a NS7520 specifically. This is…
Cybergibbons

How to deal with this "error" instructions generated by objdump?

So basically I am using objdump to disassemble a binary from GNU Coreutils, on 32-bit Linux x86. In the disassembled code, I found one "broken" instruction like this: 804b4db: ff 24 85 e4 09 05 08 jmp *0x80509e4(,%eax,4) It seems like…
lllllllllllll

Why are addresses of variables on the stack not consecutive?

The code below is generated by gcc from a simple scanf program. My question is: why are these 3 addresses of variables not consecutive when allocated? If not, when could I speculate the number of variables generated from the stack by watching…
upton

IDA Pro C dump for Decryption function

I have been battling, with a friend, this infection I got that encrypts my files in 512-byte chunks. We have managed to find the Decryption function we think in IDA (the code is heavily obfuscated) from a user who paid for the decrypter. Below is the…
user3546043

Tools to show the registers and memory locations in use during execution?

I am looking for something that is like gdb but maybe with a GUI that can show all registers' current values and the current values of memory and things on the stack? Freeware is preferred. I have a free version of IDA and anything that comes with…
user4466

registers set by function

How can I figure out which general-purpose registers are modified by a function call? I am programming a Win32 Assembly program that calls IsDebuggerPresent(). According to MSDN, it will return a boolean value of nonzero if a debugger is present.…
Penguin

IDA PRO repairing stack variables / local variables hex-rays with arrays and proper types / structures any scripts/plugins?

IDA PRO's Hex-Ray gives me these variables. void *v7; // esp@1 const char *v8; // ebx@1 PLAYER *v9; // ebp@1 int v10; // edi@5 PLAYER *v11; // edx@6 int v12; // ecx@9 int v13; // esi@17 int v14; // eax@33 const char v15; // al@36 …
SSpoke

Disassembling MIPS Binaries

I am searching for security vulnerabilities in the firmware of this router; its architecture is MIPS. I have successfully unpacked the file system. I would like to disassemble the http daemon, located at /usr/sbin/httpd. How can I disassemble this…
0xcaff

Can not continue debugging after SIGTRAP

I am trying to debug an iOS app with gdb and when I hit a breakpoint I get this error, and can not continue. Program received signal SIGTRAP, Trace/breakpoint trap. [Switching to process 190 thread 0x6fa7] 0x000ae150 in dyld_stub_pthread_key_create…
Nikola C

Reverse engineering, code extraction, and lock bits

For one of my projects I am interested to see how someone else implemented their concept. I wanted to tap onto their microprocessor and read that code. First question I have, if I am to solder wires to the pins of the microprocessor, to which ones…

Getting to the entry point using radare2

How do I get to the entry point of a .exe file using radare2? I tried using aa then [email protected], but a prompt showed saying "Cannot find function at 0x00000000"