reverse-engineering

Locate obfuscated function

主宰稳场 Submitted on 2019-12-11 11:37:34
Question: I am trying to reverse engineer a website which has a function for decoding an encoded string. The function gets called in one of the inlined scripts: <script type='text/javascript'> var str = dec("BHUJLOUBHUNK"); </script> I am not successful at finding out where the actual function dec resides even though I have the full source. I suspect the function is hidden somewhere in the following scripts (but I could be wrong): <script type="text/javascript">var _0xb557=["\x6B\x65\x79","\x4A\x30\x2B

php uml reverse engineering [closed]

一个人想着一个人 Submitted on 2019-12-11 08:42:43
Question: Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 4 years ago. I'm struggling with UML diagrams as I just need to draw a diagram to better visualize the dozen classes I've created: I'm lost with these classes every time I come back from a break. So I'd need to draw them back from sources. I know it's not a really new topic (for example this one) but I spent the whole night

How can early BIOS use CALL?

我只是一个虾纸丫 Submitted on 2019-12-11 07:38:33
Question: I am, purely for hobby reasons, trying to understand some low-level code in the PC. I downloaded an outdated BIOS ROM image for a random old Gigabyte MB (https://www.gigabyte.com/Motherboard/GA-8I845GE775-G-rev-10/support#support-dl-bios); it's almost 15 years old so I hope it doesn't harm anyone's IP rights. I'll be using this file for reference. I stumbled right at the beginning. These seem to be the very first instructions the processor sees after power up: f000:fff0 ljmp 0xf000:0xe05b

Extract resources from a SFS file

拥有回忆 Submitted on 2019-12-11 07:18:46
Question: I would like to extract resources from a resources file whose magic key is SFS. I can't find any documentation about this file type, nor any tools to extract resources from this file type. They are the resources of a 1997 game. Answer 1: If it comes from Linux, the content of the sfs-file may be extracted with this tool: http://www.sas1946.com/main/index.php?topic=7017.0 Otherwise have a look at: http://www.murga-linux.com/puppy/viewtopic.php?t=17322 Source: https://stackoverflow.com/questions/6409591/extract

jmpq and lea, and how does rdi register work in binary bomb

徘徊边缘 Submitted on 2019-12-11 06:44:49
Question: So I have annotated what I think it means next to each instruction and have put a (?) next to each instruction which I am unsure of / not quite certain it does that function. There are probably a lot more that I am unsure of than I have marked, but they are mostly the same type of instruction. 0x0000000000401251 <+0>: sub $0x8,%rsp 0x0000000000401255 <+4>: cmp $0x1,%rdi #compare num of inputs (?) 0x0000000000401259 <+8>: jg 0x40126c <phase_3+27> #blow up if not >1 0x000000000040125b <+10>:

Windows singly linked list (_SINGLE_LIST_ENTRY)

末鹿安然 Submitted on 2019-12-11 06:12:43
Question: I'm just doing some debugging on a Windows 7 crash dump, and I've come across a singly-linked list that I'm not able to fully understand. Here's the output from WinDBG: dt _GENERAL_LOOKASIDE_POOL fffff80002a14800 -b .... 0x000 SingleListHead: _SINGLE_LIST_ENTRY +0x000 Next: 0x0000000000220001 .... From what I've been reading, it seems that each singly linked list begins with a list head, which contains a pointer to the first element in the list, or null if the list is empty. Microsoft state:

Reverse engineering NSDocument file

被刻印的时光 ゝ Submitted on 2019-12-11 05:53:32
Question: I have an unsupported file format from an OS X program. It uses NSDocument; unfortunately the vendor won't help with the format or allow export. So what are the first steps in reverse engineering this format based on NSDocument? The program still uses deprecated initWithContentsOfFile methods from OS X 10.3. I have access to the program, my data and lots of sample data. I've done some initial work on disassembly of the program and reverse engineering the format, but haven't made much

How to run program using angr after loading with the elfcore backend?

孤街浪徒 Submitted on 2019-12-11 04:47:00
Question: I am attempting to write a python script using the angr binary analysis library (http://angr.io/). I have written code that successfully loads a core dump of the process I want to play with by using the ElfCore backend (http://angr.io/api-doc/cle.html#cle.backends.elf.elfcore.ELFCore) passed to the project constructor, doing something like the following: ap = angr.Project("corefile", main_opts={'backend': 'elfcore'}) What I am wondering is, how do I now "run" the program forward from the

Which linux process handles syscalls?

倾然丶 夕夏残阳落幕 Submitted on 2019-12-11 04:07:19
Question: This might be a silly question, but I was debugging a binary with gdb trying to "reverse engineer" it and reached an instruction that makes a syscall, after which the effect I want to reverse engineer appears. I assume that another process is taking over and does the job, so I was wondering if it was possible to debug the kernel code that handles the syscall with gdb. Here is the x86 assembly snippet that makes the syscall (it appears that it is sys_getpid): 0x00007ffff7660d3e <+14>: movsxd rdx

Recursively expanding struct definition?

吃可爱长大的小学妹 Submitted on 2019-12-11 03:41:49
Question: How can I expand a structure definition to show nested types? For example, I would like to expand this: type Foo struct { x int y []string z Bar } type Bar struct { a int b string } to something like this: type Foo struct { x int y []string z Bar struct { a int b string } } Context: reverse engineering existing code. Answer 1: You can try something along these lines to list all fields defined in a struct, recursively listing structs found along the way. It does not produce exactly the output you asked