Most Popular

1500 questions
13 votes, 5 answers

Malware in virtual machines

Once I perform static analysis on a malware sample, I next run it in a virtual machine. Does this give the malware a chance to spread to the real machine? Does this give the malware a chance to spread across networks? What steps/tips can I follow…
Higet
13 votes, 1 answer

Extracting strings from Go binaries

Is there an easy way to extract all of the strings from Go binaries that will work cross architecture? The problem with Go is that strings are stored without a null terminator, so you can't use the "strings" command plainly. I found two solutions so…
Drxxd
13 votes, 2 answers

What is the algorithm used in Recursive Traversal disassembly?

Disassembling binary code is a quite difficult topic, but for now only two (naive) algorithms seem to be broadly used in the tools. Linear Sweep: A basic algorithm taking all the sections marked as code and disassembling them by reading the…
perror
13 votes, 5 answers

Freely available resource hacking applications

I am using Resource Hacker as a tool to extract resources like icons, images, etc. from .dll or .exe files. In addition, I am using it to crack some small Windows applications. However, it does not work with all Win32 applications, especially with…
khk
13 votes, 1 answer

How should I approach reverse engineering this text encoding?

So I'm trying to hack the translation from the PS4 version of a game into the Vita version. The script files were conveniently uncompressed, and I was able to drop them in and have it working without a hitch - great! However, various other message…
Celandine Crane
13 votes, 2 answers

Better explanation of different x86 CALL variations

Hoping to get a better explanation of the x86 call instruction. I sort of understand call near and call far. But I don't fully understand the segment part. A little insight into my main problem: I am looking at a binary in IDA and its start code…
k0ng0
13 votes, 5 answers

How do you store your data about a binary while performing analysis?

Until now, when I am analyzing a binary, I have been using a "pen and paper" method to record the locations of the different functions, the different types of obfuscation, and all my discoveries. It is quite inefficient and does not scale at all when I try to…
perror
13 votes, 3 answers

Locating Linux Kernel Symbols on ARM

Igor posted a great answer previously on SO about the format of the Linux kernel image on ARM. Assuming I can't boot my kernel image, can someone give me pointers on finding this compressed symbol table in the binary?
mrduclaw
13 votes, 4 answers

How can breakpoint be set using offset in ELF file, not virtual address?

First, generate a simple executable. (ignore the warnings, the executable runs anyway) echo 'main(){puts("123");}'|gcc -x c - -o a Load it with gdb a, then: (gdb) info file Symbols from "/home/user202729/PINCE/a". Local exec file: …
user202729
13 votes, 2 answers

IDA Convert to Unicode

In IDA 5.0 Freeware, how do you convert a block of data into a Unicode string? The only thing I can find is to convert it into an ASCII string. db 'a' db 0 db 'b' db 0 db 'c' db 0 db 'd' db 0 db 0 db 0 into unicode , 0
Avery3R
13 votes, 4 answers

Binwalk alternative

When examining bin firmware files Binwalk is an extremely helpful tool. There are times though that Binwalk comes up empty and a lot more digging is required to make sense of the data. Are there any alternatives to Binwalk that might work better in…
pzirkind
13 votes, 4 answers

What are the best practice methods for documenting research into the reverse engineering of a file format?

I conduct research requiring the reverse engineering of file formats, and I am currently looking at ways of documenting that work. On the web you will find resources that use box diagrams and free text. For example, this attempt to look at Microsoft…
Ross Spencer
13 votes, 0 answers

Problems calculating checksum for AirConditioner

I am trying to reverse engineer an AC Indoor unit <-> thermostat communication. So far I've succeeded in parsing the bits and bytes. I discovered that the upper and lower nibbles need to be reversed to get consecutive values for temperature values,…
stinger151
13 votes, 3 answers

Thread Injection on OSX

Much reverse engineering has been done on Windows over the years leading to great undocumented functionality, such as using NtCreateThreadEx to inject threads across sessions. On OSX the topic of thread injection seems relatively uncharted. With…
mrduclaw
13 votes, 3 answers

How to prevent use of Resource editors

There are a variety of tools that allow editing the resources of Windows executables. These tools provide a very easy interface for changing the program's look and feel. Replacing icons, text, and menus can be done easily without any knowledge in…
Mellowcandle