reverse-engineering

Detecting debugger on Mac OS X

坚强是说给别人听的谎言 submitted on 2021-02-06 13:41:24
Question: I am trying to detect whether my process is being run in a debugger or not and, while on Windows there are many solutions and on Linux I use ptrace(PTRACE_ME,0,0,0) and check its return value, I did not manage to perform the same basic check on Mac OS X. I tried to use the ptrace(PT_TRACE_ME,0,0,0) call, but it always returns 0 even when run under gdb. If I change the request to PT_DENY_ATTACH it correctly stops the debugging, but that is not what I want to achieve. Any ideas? Answer 1: You can
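The check this question asks for, as an added example that is not part of the question or of the truncated answer above: on macOS the kernel sets P_TRACED in the process's kinfo_proc while a debugger is attached through ptrace, and reading that flag back with sysctl(KERN_PROC, KERN_PROC_PID) is the approach Apple documents in Technical Q&A QA1361. PT_TRACE_ME only declares that the caller's parent may trace it, so its return value says nothing about a debugger that is already there. The Linux branch reads the TracerPid field of /proc/self/status instead, so one function builds on both systems. The kernel interfaces and file names are real; the function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/sysctl.h>   /* sysctl(), struct kinfo_proc, P_TRACED */
#endif

/* Parse the "TracerPid:" field out of /proc/<pid>/status text (Linux).
 * Returns the tracer's pid, 0 when nothing is attached, -1 if the field
 * is missing. Kept separate from the file read so it can be tested on
 * constructed input. */
int parse_tracer_pid(const char *status_text)
{
    const char *field = strstr(status_text, "TracerPid:");
    if (field == NULL)
        return -1;
    return atoi(field + strlen("TracerPid:")); /* atoi skips the tab */
}

#ifdef __APPLE__
/* macOS: fetch our own kinfo_proc and test the P_TRACED flag, which the
 * kernel maintains for the lifetime of a ptrace attachment. */
static int debugger_present_platform(void)
{
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, (int)getpid() };
    struct kinfo_proc info;
    size_t size = sizeof(info);
    memset(&info, 0, sizeof(info));
    if (sysctl(mib, 4, &info, &size, NULL, 0) != 0)
        return -1;
    return (info.kp_proc.p_flag & P_TRACED) != 0;
}
#else
/* Linux: the kernel reports the tracer's pid in /proc/self/status. */
static int debugger_present_platform(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    int tracer = parse_tracer_pid(buf);
    if (tracer < 0)
        return -1;
    return tracer > 0;
}
#endif

/* 1 = debugger attached, 0 = not attached, -1 = could not determine. */
int is_debugger_present(void)
{
    return debugger_present_platform();
}

int main(void)
{
    int r = is_debugger_present();
    if (r < 0)
        printf("could not determine debugger state\n");
    else
        printf("debugger %s\n", r ? "attached" : "not attached");
    return 0;
}
```

Two caveats a practitioner should keep in mind: the result is a snapshot, so a debugger attached after the call goes unnoticed unless the check is repeated, and the check is trivially defeated by patching the comparison, hooking sysctl, or clearing P_TRACED from the debugger side. PT_DENY_ATTACH, which the question mentions, is a different mechanism: it refuses future attachments rather than reporting a current one.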

PostgreSQL database reverse engineering from shell level

拈花ヽ惹草 submitted on 2021-02-05 10:40:20
Question: I happened to do some moderating work with a large database, but I am not so experienced in it, so I guess the smart thing is to create a similar database on my localhost so as not to mess up the original one. And here is my question: is it possible to generate an SQL script which will create exactly the table I want? I mean, in the MySQL GUI tool there is an option like this, reverse engineering, which generates an SQL script that will create exactly the database I used the function on. Is it possible in PostgreSQL in the shell

Processing the same .NET assembly with two different obfuscators [closed]

江枫思渺然 submitted on 2021-02-05 07:44:40
Question: Closed. This question is opinion-based and is not currently accepting answers. Closed 3 years ago. Does processing the same .NET assembly (feeding the output of one into the other as input) with two different obfuscators increase the chance of making decompilation impossible? Thanks. Answer 1: Decompilation is never impossible. It may though quite easily get to

How to log CPU instructions executed by program with x64dbg?

百般思念 submitted on 2021-01-28 13:50:50
Question: How to log CPU instructions executed by a program with x64dbg? I saw the https://reverseengineering.stackexchange.com/questions/18634/x64dbg-see-the-current-position question, but I can't find a way to log instructions. Answer 1: As far as I understand, you want to log all the executed instructions. The easiest would be to log them to a file. To do this you need to: pause the program, either via the Pause option (F12) or using breakpoints; select the Trace menu and then Trace into... (Ctrl+Alt+F7) or Trace

x86 explanation, number of function arguments and local variables

*爱你&永不变心* submitted on 2021-01-28 04:15:11
Question: The C ABI for the x86-64 system is as follows: registers rdi, rsi, rdx, rcx, r8, r9 are used to pass arguments, in that order. The stack is used for the 7th argument onward. The return value uses the rax register. The rsp register contains the stack pointer. How many function arguments are defined in the below function bloop? I think there is only one function argument, rdi. Is this correct? How many local variables (not arguments) are declared in the below function bloop? I think there is

Can't seem to decompile “PYC” after running it through pyinstxtractor

半城伤御伤魂 submitted on 2021-01-27 13:54:54
Question: pyinstxtractor runs to completion without problem, and then suggests to decompress the PYC to get the final .PY file (my goal). However, when I tried to use uncompyle2, uncompyle6, and a plethora of other tools, none of them worked (Magic Number Mismatch!), which means that the file output is not a .PYC file... I opened the output file with a hex editor and I can see the source code decoded from hex, but I'm not able to extract that code in an efficient manner. It's filled with .'s which
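What "Magic Number Mismatch" usually means in this situation, as an added example that is not part of the question: a .pyc is a small header followed by a marshalled code object, and an extractor that writes only the marshalled part leaves a file whose first byte is the marshal tag of a code object (0x63 'c', or 0xe3 with the FLAG_REF bit) instead of the version magic and "\r\n". The decompiler then reads garbage as the magic. The fix is to put the header back in front of the blob: 16 bytes for CPython 3.7 and later (PEP 552: magic, flags, mtime, source size) or 12 bytes for 3.3 to 3.6 (magic, mtime, source size), all little endian. The magic value must come from the interpreter version that built the executable (python -c "import importlib.util; print(importlib.util.MAGIC_NUMBER.hex())" prints it); the value 0x0d55 used in the test is only an illustration and the function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Marshal type byte of a code object: 'c', optionally with FLAG_REF
 * (0x80) set. A .pyc body begins with one of these, so a file that
 * starts here has lost its header rather than being corrupt. */
int looks_like_raw_code_object(const unsigned char *buf, size_t len)
{
    return len > 0 && (buf[0] == 'c' || buf[0] == ('c' | 0x80));
}

/* Every .pyc starts with two version-specific magic bytes followed by
 * "\r\n" (the line ending is there so a text-mode transfer corrupts
 * the magic and the file is rejected instead of misparsed). */
int has_pyc_magic(const unsigned char *buf, size_t len)
{
    return len >= 4 && buf[2] == '\r' && buf[3] == '\n';
}

static void put_le32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v & 0xff);
    p[1] = (unsigned char)((v >> 8) & 0xff);
    p[2] = (unsigned char)((v >> 16) & 0xff);
    p[3] = (unsigned char)((v >> 24) & 0xff);
}

/* Write the header a decompiler expects in front of a raw code object.
 * magic:  16-bit value from importlib.util.MAGIC_NUMBER[:2] of the
 *         matching interpreter (little endian in the file).
 * pep552: nonzero for CPython 3.7+ (adds the 4-byte flags word).
 * Returns the number of header bytes written; out must hold 16. */
size_t build_pyc_header(unsigned char *out, uint16_t magic, int pep552,
                        uint32_t mtime, uint32_t source_size)
{
    out[0] = (unsigned char)(magic & 0xff);
    out[1] = (unsigned char)(magic >> 8);
    out[2] = '\r';
    out[3] = '\n';
    size_t off = 4;
    if (pep552) {
        put_le32(out + off, 0);   /* flags 0: timestamp-based validation */
        off += 4;
    }
    put_le32(out + off, mtime);
    off += 4;
    put_le32(out + off, source_size);
    off += 4;
    return off;
}

/* Prepend a header to raw marshal data. mtime and size are set to 0,
 * which decompilers accept since they have no source to validate
 * against. Returns the total length, or 0 if out is too small. */
size_t fix_pyc(unsigned char *out, size_t out_cap,
               const unsigned char *body, size_t body_len,
               uint16_t magic, int pep552)
{
    unsigned char hdr[16];
    size_t hl = build_pyc_header(hdr, magic, pep552, 0, 0);
    if (out_cap < hl + body_len)
        return 0;
    memcpy(out, hdr, hl);
    memcpy(out + hl, body, body_len);
    return hl + body_len;
}
```

If the extracted file already passes has_pyc_magic but the decompiler still complains, the mismatch is between the magic in the file and the Python version the decompiler supports, not a missing header; check the version pyinstxtractor reports for the archive and use a decompiler that handles it.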

How to rename dynamic symbols in arm elf .so file?

删除回忆录丶 submitted on 2021-01-16 12:10:38
Question: I need to modify a .so inside an Android APK. The task is to rename the dynamic symbols inside the .so (which are the function names). For example, change from Java_com_example_abc_.... to Java_com_yahoo_zzz_.... I tried to use WinHex to directly search and replace the text, but the APK gives a startup error. It seems like the .hash section also needs to be updated, but I do not know how to update the .hash section. My question is: what is the correct or preferable way to rename the dynamic symbols? I have been
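Why the hex edit breaks the library, and what "updating .hash" means, as an added example that is not part of the question: the dynamic linker does not scan .dynstr for a name, it hashes the name, picks a bucket in the .hash table (SysV hash, DT_HASH) or .gnu.hash table (DT_GNU_HASH), and walks that bucket's chain comparing strings. A renamed string hashes to a different bucket, so dlsym and the JNI lookup never reach the symbol. The code below implements both hash functions and rebuilds the SysV bucket/chain arrays after a rename; the algorithms are the standard ones from the ELF specification and the GNU hash design, the function and symbol names are my own, and the symbol list is constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SysV ELF hash, used by the .hash section (DT_HASH). */
uint32_t elf_hash(const char *name)
{
    uint32_t h = 0, g;
    while (*name) {
        h = (h << 4) + (unsigned char)*name++;
        g = h & 0xf0000000u;
        if (g)
            h ^= g >> 24;
        h &= ~g;
    }
    return h;
}

/* DJB-style hash used by .gnu.hash (DT_GNU_HASH). Android's linker uses
 * this table when present, so a rename must update it as well. */
uint32_t gnu_hash(const char *name)
{
    uint32_t h = 5381;
    while (*name)
        h = h * 33 + (unsigned char)*name++;
    return h;
}

/* Rebuild bucket[nbucket] and chain[nsyms] for a SysV hash table from
 * the .dynsym names. Index 0 is STN_UNDEF and is never hashed. */
void build_sysv_hash_table(const char *const *names, uint32_t nsyms,
                           uint32_t nbucket, uint32_t *bucket, uint32_t *chain)
{
    memset(bucket, 0, nbucket * sizeof *bucket);
    memset(chain, 0, nsyms * sizeof *chain);
    for (uint32_t i = 1; i < nsyms; i++) {
        uint32_t b = elf_hash(names[i]) % nbucket;
        chain[i] = bucket[b];   /* push symbol i onto the bucket's chain */
        bucket[b] = i;
    }
}

/* The dynamic linker's lookup: start at the bucket for the name's hash
 * and follow the chain. Returns the symbol index, 0 if absent. */
uint32_t lookup_sysv(const char *const *names, uint32_t nbucket,
                     const uint32_t *bucket, const uint32_t *chain,
                     const char *wanted)
{
    for (uint32_t i = bucket[elf_hash(wanted) % nbucket]; i != 0; i = chain[i])
        if (strcmp(names[i], wanted) == 0)
            return i;
    return 0;
}

int main(void)
{
    /* Constructed .dynsym name list; the new name has the same length as
     * the old one so it can replace it in .dynstr without moving data. */
    const char *old_names[] = { "", "Java_com_example_abc_init", "JNI_OnLoad", "helper" };
    const char *new_names[] = { "", "Java_com_yahoo_zzzzz_init", "JNI_OnLoad", "helper" };
    uint32_t bucket[3], chain[4];

    build_sysv_hash_table(old_names, 4, 3, bucket, chain);
    printf("old table finds old name at index %u\n",
           lookup_sysv(old_names, 3, bucket, chain, old_names[1]));
    /* Only .dynstr patched, table untouched: this is the WinHex situation. */
    printf("old table finds new name at index %u (0 = not found)\n",
           lookup_sysv(new_names, 3, bucket, chain, new_names[1]));
    build_sysv_hash_table(new_names, 4, 3, bucket, chain);
    printf("rebuilt table finds new name at index %u\n",
           lookup_sysv(new_names, 3, bucket, chain, new_names[1]));
    return 0;
}
```

Two practical constraints follow from this. The replacement name must not be longer than the original unless .dynstr is rebuilt and every st_name offset in .dynsym (and any other string-table users) is fixed up, which is why the example keeps the length equal. And if the library carries a .gnu.hash section, its bloom filter, buckets and chain array (which stores the hash values themselves) must be regenerated too; that is more involved than the SysV table, so for real files an ELF rewriting library such as LIEF, which can rename a symbol and rebuild both tables, is the preferable route over a hex editor.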
