12
votes
3 answers
Why is there a nop in the while loop
So I have the following C code I wrote:
#include <stdio.h>
int main() {
int i = 1;
while(i) {
printf("in loop\n");
i++;
if(i == 10) {
break;
}
}
return 0;
}
Compiled with gcc…
Sindre Smistad
- 175
- 7
12
votes
3 answers
Why is JMP used with CALL?
I am trying to analyze an old malware sample in OllyDbg. It has an instruction of the format CALL
I am not an expert in Assembly. I know that CALL is used to call a sub-routine and JMP is used to jump to a…
TheRookierLearner
- 295
- 1
- 7
12
votes
4 answers
Why do reversers nowadays reverse engineer using decompilers and not disassemblers?
I see many reverse engineering lessons, and every second person reverse engineers using the Ghidra decompiler and not the disassembler, although both are available in the same platform. I assume that reversing using a decompiler is easier than…
Ramesses II
- 323
- 3
- 10
12
votes
1 answer
Virtual Machine escape through page faults
The trapcc project on GitHub by Sergey Bratus and Julian Bangert claims that, using the Turing-complete capabilities of the x86 MMU, it is possible for code to escape the virtual machine using a single instruction (Move, Branch if Zero, Decrement). It…
viv
- 784
- 1
- 4
- 17
12
votes
2 answers
Encrypted Mach-o binary cannot be disassembled/traced with GDB
I'm trying to analyze an encrypted Mach-O binary (non-iPhone one), and I am observing the following strange behaviors:
when I load this binary into GDB and try to disassemble the code at the address indicated by the entry point, GDB returns garbage…
user1815381
- 311
- 2
- 6
12
votes
3 answers
Reversing network protocol
I have a DVR that sends video over Ethernet using its own proprietary TCP protocol. I want to write a VLC module to view the video, rather than using the supplied DxClient.exe. I have captured traffic in Wireshark and attempted to reverse engineer the…
Jamie
- 233
- 2
- 6
12
votes
5 answers
Artifacts similar to "@YAXPAX@" within memory and IDA sessions
When reversing binaries and parsing memory, I often run across strings like "@YAXPAX@" used to reference procedures. Is there a name for this type of convention?
I believe these strings are symbol references.
rekav0k
- 123
- 1
- 7
12
votes
3 answers
ARMv8 (AArch64, ARM64) opcodes list
I'm sorry for such questions, where the answer would seem to be easily found on Google...
Some time ago I saw a table/list of ARMv8 instructions with opcodes and it was perfect, but I lost the link. Now I'm trying to find at least some sources…
Olvin Roght
- 355
- 1
- 3
- 12
12
votes
1 answer
concat22 in ghidra decompiler
Some portion of code I am analyzing gets decompiled as below in ghidra:
if (((*puVar8 == CONCAT22(DAT_0040a37a,DAT_0040a378)) &&
(*(uint *)((int)puVar9 + 6) ==
(CONCAT22(DAT_0040a37e,DAT_0040a37c) | (int)DAT_0040a37a >> 0xf))) &&
…
Gaurav Sehgal
- 223
- 2
- 5
12
votes
2 answers
How to find arrays of objects (entities, enemies) in a game I'm reversing with Cheat Engine?
I am reversing a game using Cheat Engine and OllyDBG; through these, memory addresses within an FPS game are read and monitored, and these addresses will contain the coordinates (xyz) of enemies.
My Objective is to find an address or a pattern that will…
Daniel Filipe
- 223
- 1
- 2
- 5
12
votes
3 answers
Trying to reverse engineer dump of a timestamp
I have the following hex parts and I have a strong suspicion that behind them is a date of an event:
2013.05.23 20:35:00 08014273ed2071a6800017
2013.05.23 21:45:00 08014273ed246cf0000017
2013.05.24 17:10:00 …
Salvador Dali
- 223
- 1
- 6
12
votes
1 answer
What is import reconstruction and why is it necessary?
When reading about unpacking, I sometimes see an "import reconstruction" step. What is this and why is it necessary?
user2142
- 1,537
- 2
- 14
- 17
12
votes
3 answers
Hooking functions in Linux and/or OSX?
I want to hook functions in a library (lib.so or lib.dylib) from another process. I know that, unlike Windows libraries, libraries in Linux and Mac still have their symbols (function names and parameters).
API Monitor allows you to hook exported…
TerryW
- 121
- 1
- 4
12
votes
1 answer
Where can I find tools for reverse engineering Lua
Since Lua is an interpreted/compiled language that has its own compilers and isn't usually translated/compiled with a C compiler, what tools should be used to reverse engineer an application written in Lua?
cb88
- 2,320
- 2
- 18
- 33
12
votes
1 answer
How are stripped shared libraries linked against?
Lately I've been reversing the Android framework for the Nexus S mobile phone.
99% of the source code is of course open, but there are a few proprietary shared libraries which need to be downloaded in order to compile the operating system.
These shared…
Mellowcandle
- 4,795
- 6
- 34
- 47