All Questions
Tagged with assembly reverse-engineering
747
questions
3
votes
0
answers
43
views
Strange behaviour of Capstone disassembler when running a simple example
I played with Capstone disassembler and found strange behaviour.
I created a simple program, which takes notepad.exe (x86-64 PE), disassembles its .text section and prints the disassembly line by line....
0
votes
1
answer
50
views
Data and Stack Alignment in 64-bit ELF Executables
I have these variables declared at the beginning of the main function:
char v4[44];
int fd;
void *buf;
int v7;
Debugging the executable (64 bit), I noticed that there is a 4-byte padding ...
0
votes
0
answers
65
views
Python virtual machine and bytecode
I am trying to fully understand the structure of PYC file. But I can't understand how FLAG_REF works and what it affects, its meaning.
https://github.com/python/cpython/blob/3.6/Python/marshal.c#L952
...
0
votes
0
answers
38
views
making a serial number in assembly with reverse engineering
I have an assembly code that you should enter an input and after that with some operating on it, it makes a serial number when you enter a serial number as an input the congratulation message will ...
0
votes
1
answer
58
views
How can I write my C code so the resulting ASM uses instructions that load smaller data chunks?
I'm decompiling a PS2 game that was shipped as a debug build. To verify that my C code matches the original, I compile it using the compiler that was originally used (Metrowerks CodeWarrior), ...
3
votes
1
answer
77
views
Disassembling: How can I retrieve the address of a module's global variable via a function?
const char* BotArgs[4]
bool UseBotArgs
Knowing this function's address, is it possible to retrieve the address of these global variables as well? If yes, I would also like to know how to get the ...
2
votes
1
answer
157
views
How does msfvenom shellcode actually work to execve sh -c ls
MOV RAX, 0x68732f6e69622f
CDQ
PUSH RAX
PUSH RSP
POP RDI
PUSH RDX
PUSH 0x632d
PUSH RSP
POP RSI
PUSH RDX
CALL FUN_0000001e
INSB RDI, DX
JNC FUN_0000001e
FUN_0000001e:
PUSH ...
0
votes
1
answer
101
views
How to translate from mips assembly code to C
So I was given the assembly code you see and I did translate it almost correctly but one thing is wrong according to the solutions I provided down here. In the inner for-loop you can see that they ...
1
vote
0
answers
70
views
Bypass "il2cpp external wbarrier tracker"
Does anyone know what il2cpp_gc_set_external_wbarrier_tracker is and how to bypass it? Every time I hook my function, the application crashes (I'm sure it's because of this anticheat func, not because ...
0
votes
0
answers
452
views
What does add [rax],al mean in x86_64 assembly and what mnemonic description does it fit in?
I was doing some reversing with Cheat Engine and I came across these add [rax],al instructions which seemingly do nothing (I may be incorrect), it seems that after every ret instruction these add [rax]...
0
votes
0
answers
53
views
Reverse engineering a password for an archive from Armv7 assembly for projet 1200
This is my first time ever posting here - please be gentle. I get a lot of useful tips from this site when I search Google for problems unrelated, and it seems like everyone here has a pretty good ...
2
votes
0
answers
80
views
How can I identify functions and their size in a x86-64 executable binary (PE)
Using an x86 disassembler such as capstone, are there known algorithms that I can use to identify functions and their respective sizes in a portable executable?
I found Architecture Agnostic Function ...
1
vote
0
answers
69
views
<<not bound>> on ghidra function, can't create an association with the needed .dll
I'm trying to reverse engineer an .exe, but it's my first time using ghidra, I used more x64dbg, but it doesn't have all the features I need. When I search a function from the imports, the dll called ...
0
votes
0
answers
38
views
Knowing the dimension of a matrix in assembly
int array1[H][J];
int array2[J][H];
void copy_array(int x, int y) {
array2[y][x] = array1[x][y];
}
Say I have the piece of code above, then I am given this assembly:
copy_array:
movslq %edi,%rdi # ...
0
votes
0
answers
24
views
What do the numbers near the registers mean in assembly? [duplicate]
Hopefully this question is suitable for this forum. I'm very new to assembly. So, I'm trying to change some of the code of the game in Cheat Engine. Let's say for example we have something like this in ...