reverse-engineering

32 bit PPC rlwinm instruction

我是研究僧i submitted on 2019-12-11 02:36:20
Question: I'm having a bit of trouble understanding the rlwinm PPC assembly instruction (Rotate Left Word Immediate Then AND with Mask). I am trying to reverse this part of a function:
    rlwinm r3, r3, 0, 28, 28
I already know what r3 is. r3 in this case is a 4-byte integer, but I am not sure exactly what this instruction rlwinm is doing to it. By the way, this is on a 32-bit machine.
Answer 1: Your understanding is not quite right. As per the IBM link on this instruction, the form you're seeing is: rlwinm

Faking ASM Return Address?

匆匆过客 submitted on 2019-12-11 02:13:36
Question: Would it be possible to fake the return address at ebp + 4? I'm currently writing a DLL that you would inject into a game, in which it would call game functions to do things, but the functions I call check the return address against the program itself, and if it's outside their base it detects it. So basically, is there any way to fake the return address in any way? It works like this:
    if ( (_BYTE *)retaddr - (_BYTE *)unusedPadding >= (unsigned int)&byte_A6132A ) { dword_11E59F8 |= 0x200000u;

Does compiling Java code to an exe (e.g. using Launch4J) ensure code cannot be reverse engineered?

随声附和 submitted on 2019-12-11 00:21:05
Question: After experimenting myself, I am convinced that Java code obfuscation is not safe in terms of preventing reverse code engineering. So, I turn to using Launch4J to bundle one of my core jar files into a single EXE file. The jar file contains the main entry method as well. Is this going to protect against code reverse engineering?
Answer 1: If a computer can run it, a human can reverse engineer it.
Answer 2: Launch4J doesn't translate your Java code into native executable code, it just provides a native

Execute Till User Code doesn't work

送分小仙女□ submitted on 2019-12-10 18:52:45
Question: I'm trying to use OllyDbg's "Execute Till User Code" feature (which is essential for me), but it never works. I first tried it on a program which called MessageBoxA. When it called it, I paused the program in the debugger and told OllyDbg to execute till user code, but the program was still paused and completely frozen. I couldn't even click the MessageBox's OK button, or even make it continue from OllyDbg. When I tried too hard to make it continue, it just crashed. So I decided to write an

Understanding a C++ codebase by generating UML - tools & methodology [closed]

冷暖自知 submitted on 2019-12-10 18:47:26
Question: Closed. This question is off-topic. It is not currently accepting answers. Closed 6 years ago. I think there are many tools that can generate UML and similar diagrams from C++ (source code), but I think it is not so easy to make sense of what you get out? I am looking for good tools/procedures. For example, I might want to see the GUI layer and how it is separated (or not) from the rest. Think the tools

Breakpoint changes program flow

吃可爱长大的小学妹 submitted on 2019-12-10 17:59:48
Question: I'm trying to analyze and reverse an Objective-C program I have. I made a few modifications to the executable by changing some opcodes by hand. When I test the modified software, however, I get "Killed: 9". That's fine, I think I touched something I should not have. I then launched gdb myprogram in order to analyze the error. Here something (strange to me) happened: if I do not put any breakpoint, the program receives SIGKILL, while if I try to put a breakpoint a few lines before the one in which I receive

Writing a C function from given x86 assembly

◇◆丶佛笑我妖孽 submitted on 2019-12-10 17:11:58
Question: I'm trying to reverse engineer this mystery function. This function returns an integer and takes a struct node as an argument:
    #include "mystery.h"
    int mystery(struct e4_struct *s){}
The header file is a simple struct declaration:
    struct my_struct { int a; int b; };
The assembly I'm trying to reverse engineer is:
    400596: 8b 07          mov    (%rdi),%eax
    400598: 8d 04 40       lea    (%rax,%rax,2),%eax
    40059b: 89 07          mov    %eax,(%rdi)
    40059d: 83 47 04 07    addl   $0x7,0x4(%rdi)
    4005a1: c3             retq
So far I think the function

x86 OpCode Instruction Decoding

情到浓时终转凉″ submitted on 2019-12-10 16:57:41
Question: I've been looking into the Software Developer's Manual of the x86 architecture, trying to brush up my reverse engineering skills. I know that the architecture is complex and backwards compatible with previous generations. With newer generations, some of the older documentation parts get left out. But one of the disturbing explanations and misinterpretations was instructions similar to this one: 80 /2 ib. So instructions based on the following 80 opcode would be followed by a MOD/RM/REG byte. One

Dump Flash Memory through a single GPIO pin

喜你入骨 submitted on 2019-12-10 16:06:00
Question: I'm working with Infineon's XMC4500 Relax Kit and I'm trying to extract the firmware through a single GPIO pin. My very naive idea is to dump one bit at a time through the GPIO pin and somehow "sniff" the data with a logic analyzer. Pseudocode:
    while(word by word memory copy hasn't finished)
        ...
        register = value;
        temp_value = value AND 0x1;
        pin = temp_value;
        value = value >> 1;
        ...
Am I on the right track? Does anybody have a better/nicer idea how to achieve this? ### EDIT ### Actually a

Hibernate generate POJOs with Equals

僤鯓⒐⒋嵵緔 submitted on 2019-12-10 15:42:21
Question: We are using Hibernate in a new project where we use the hibernate.reveng.xml to create our *.hbm.xml files and POJOs after that. We want to have equals methods in each of our POJOs. I found that you can use <meta attribute="use-in-equals">true</meta> in your hbm files to mark which properties to use in the equals. But this would mean editing a lot of files, and then re-editing the files again in the future if/when we modify tables or columns in our DB. So I was wondering if there is a way to