Most Popular

1500 questions
4
votes
1 answer

IDAPython on OSX

I wrote a simple IDAPython script that relies on some non-standard Python library. I'm able to build the library on Windows and run the script in IDA without issue. When I try to do this on OSX, IDA complains that the 3rd-party library doesn't…
mrduclaw
4
votes
2 answers

How does OllyDbg obtain the memory map (alt+m)?

I've been looking for any Windows functions to view or dump memory, or the process to do this manually. I cannot find info on this anywhere online. How would I get a dump of a process's memory like the one in Olly's memory window? Edit for…
douggard
4
votes
2 answers

How does Kernel Detective check if API functions are hooked?

One of the many features of Kernel Detective is the possibility to retrieve the original addresses of the native API functions implemented in the driver win32k.sys and to check if they are hooked. What are the possible ways to achieve the same?
user4170
4
votes
1 answer

Potentially non-standard SPI communication

I am looking at a SPI EEPROM chip on a board which is unfortunately hidden under an epoxy blob. However, I was able to determine the pinout thanks to the silkscreen. Dumping the EEPROM with a Bus Pirate, I figured that the EEPROM is 16K since the…
mncoppola
4
votes
2 answers

How to set up IDA as the system's JIT Debugger?

I'm trying to trace a system timeout (probably RPC related) that kills the debugging session. It occurs right after IDA loads and rebases an executable. It happens only when debugging a 64-bit program using IDA's remote debugger on the same machine…
kanenas
4
votes
1 answer

Enumerate all XrefsTo a Segment in IDAPython

What is the best method to enumerate all xrefs to addresses in a particular segment? I came up with a brute-force approach (as seen below). The code scans each address in a segment and checks for an XrefTo the address. seg_list = [] for seg in…
alexanderh
4
votes
1 answer

Disable ASLR on android 4.0.3

I would like that a shared library is always loaded at the same address on Android 4.0.3. I can't seem to disable the ASLR using: echo 0 > /proc/sys/kernel/randomize_va_space Running cat /proc/sys/kernel/randomize_va_space indeed shows 0, but…
Hinko Kocevar
4
votes
1 answer

Runtime memory reading with injection

I'm reversing an application written in C. I have a certain function that I want to log runtime, without pausing/stopping the application. My desired values of that function are: [ESP + 4] which is the length of a buffer [ESP + 8] which is a…
Dominik Antal
4
votes
2 answers

64-bit Pseudocode decompiler

I have a 64-bit program I'm debugging. I found the function I need to learn more about to potentially "fix" the problem (there is no source code available for the program). To speed things up, I wanted to decompile and go over it in pseudocode as…
Agony
4
votes
1 answer

Difference Between Binary Exploitation and Reverse Engineering?

I am a beginner in Reverse Engineering and am trying to improve my skill by participating in any CTFs I can and solving CrackMes. I am trying to find out why Binary Exploitation and Reverse Engineering are always separated as two different…
bi0s.kidd0
4
votes
1 answer

How do I trace instructions in an Immunity Debugger PyCommand?

This sounds like a very simple thing to accomplish but I can't seem to get it working. I'd like to run a part of a program in ImmDbg instruction by instruction and keep track of some actions that it performs (which jumps it takes, when registers are…
Sigill
4
votes
3 answers

Could not find main function in IDA Pro?

I have a newbie question that concerns IDA Pro and Visual Studio 2010. Basically I started a new "Empty Project" in VS 2010 and added a main function to the .cpp file. Then I compiled it to binary and opened up the binary using IDA Pro. However, I…
Mark
4
votes
1 answer

IDA Pro/IDA Python, producing file via terminal

I am using IDA Pro 6.5 and running it via terminal with the following command line switches: -B (to run in batch mode, should automatically generate a .asm file containing results) -S running a script in which the only functionality is to convert…
user3119546
4
votes
2 answers

IDA Pro converting to instruction functionality: how to automate.

I am loading various files that read into IDA as binary. Once I have the GUI in front of me I am able to go through the segments and hit "c" in order to convert to instruction/code. However, I am primarily trying to do all my IDA work via Linux…
user3119546
4
votes
3 answers

Cannot call function (properly) in OllyDbg

I need some help regarding calls in assembly with OllyDbg. I'm messing around with a simple application. So far, so good, I created a codecave for myself to add some code. But whenever I try to create a call to a function outside my debugged…