reverse-engineering

set breakpoint in a stripped ELF executable

有些话、适合烂在心里 Submitted on 2019-12-08 00:57:29
Question: I have an ELF 32-bit dynamically linked, stripped file which I wish to debug. While trying to set a breakpoint at an address, a message says that the symbol table is not loaded. My questions are: When you say that an ELF file is stripped, what exactly is happening? How do you strip an ELF file? Is it possible to reconstruct the symbol table somehow? Is it not possible to set breakpoints in gdb on a stripped executable? Answer 1: Stripping ELFs is done with the GNU binutils tool strip, from the

How Self & Total time is calculated having Google Chrome's devtools profile report (cpuprofile file)

两盒软妹~` Submitted on 2019-12-08 00:26:55
Question: I'm writing a tool to parse and extract some data from a cpuprofile file (the file produced when I save a profile report) and I'm having some trouble with the precision of the Self & Total time calculations. So, time depends on the value of the field hitCount, but: when hitCount is small (<300) the coefficient between hitCount and Self time is ~1.033. But as hitCount grows, the coefficient also grows. So, when hitCount=3585, k is 1.057. When hitCount=7265: k=1.066. Currently I'm using 1.035 as the coefficient, I tried

Detecting mov dword ptr [rbp - …] instructions with a specific register in the addressing mode, using Intel PIN

断了今生、忘了曾经 Submitted on 2019-12-07 20:18:40
Question: I want to detect instructions like mov dword ptr [rbp-0x28], 0x7 (so, all the instructions in mov dword ptr [rbp-0xxx], xxx format) using Intel PIN (mainly to get array write information). In un-optimized code, this should get most stores to local variables. I can do: if (INS_Opcode(ins) == XED_ICLASS_MOV) instruction detection; to detect the mov instruction. But, along with that, it also detects other instructions such as mov eax, 0x0. I want to detect the instructions with dword ptr

How to figure out second parameter/register in reverse engineering assembly?

你离开我真会死。 Submitted on 2019-12-07 13:24:21
Question: so I'm doing a variation of the binary bomb. Here's what the phase is:

    0x0000000000401205 <+0>:  sub    $0x8,%rsp
    0x0000000000401209 <+4>:  cmp    $0x3,%rdi                      #rdi = 3
    0x000000000040120d <+8>:  je     0x40121d <phase_2+24>          #if(rdi == 3) skip explosion
    0x000000000040120f <+10>: callq  0x401c01 <bomb_ignition>
    0x0000000000401214 <+15>: mov    $0xffffffffffffffff,%rax
    0x000000000040121b <+22>: jmp    0x40124c <phase_2+71>
    0x000000000040121d <+24>: xor    $0xffffffffffffff1c,%rsi       #rsi ^= 0xffffffffffffff1c

What's the best practice to reverse engineering a binary file in windows? [closed]

痞子三分冷 Submitted on 2019-12-07 11:45:25
Question: In my case it's written in C/C++, if that matters. Answer 1: IDA rocks. IDA Disassembler Answer 2: Most reversers are still gurus. You should first ask yourself: why am I reversing? There are a few main reasons I can think of. You are trying to crack a copy protection mechanism, pirate

checksum calculation

感情迁移 Submitted on 2019-12-07 06:58:28
To calculate a CRC I found a piece of code but I am not understanding the concept. Here is the code: count = 128 and ptr = some value;

    unsigned short calcrc(unsigned char *ptr, int count)
    {
        unsigned short crc;
        unsigned char i;
        crc = 0;
        while (--count >= 0) {
            crc = crc ^ (unsigned short)*ptr++ << 8;
            i = 8;
            do {
                if (crc & 0x8000)
                    crc = crc << 1 ^ 0x1021;
                else
                    crc = crc << 1;
            } while (--i);
        }
        return (crc);
    }

Please, anybody, explain and tell me the logic. This looks like a CRC (specifically it looks like CRC-16-CCITT, used by things like 802.15.4, X.25, V.41, CDMA, Bluetooth, XMODEM, HDLC, PPP and IrDA). You might

Programmatically edit a Google doc with JavaScript

℡╲_俬逩灬. Submitted on 2019-12-07 06:19:59
Question: What I'm trying to do is run some JavaScript code that will enter text into a Google doc. What I have done so far is create an iframe element on my personal web page that embeds Google Docs. What I want to do, for now, is use functions from Google's source code to input the text. When I use the Chrome inspector along with a JS beautifier, I found that if I listen for a keypress event, I get brought to the following code segment: function dKa() { var a = eKa, b = TJa ? function(c) { return a

How can you reverse engineer a binary thrift file?

梦想的初衷 Submitted on 2019-12-07 04:49:37
Question: I've been asked to process some files serialized as binary (not text/JSON, unfortunately) Thrift objects, but I don't have access to the program or programmer that created the files, so I have no idea of their structure, field order, etc. Is there a way, using the Thrift libraries, to open a binary file and analyze it, getting a list of the field types, values, nesting, etc.? Answer 1: Unfortunately it appears that Thrift's binary protocol does not do very much tagging of data at all; to decode it

Explore app files for reverse engineering purposes

99封情书 Submitted on 2019-12-06 16:44:25
I want to view some iPhone application source files on Windows. Is it possible? If so, what do I need in order to view them on a Windows computer? For actual reverse engineering, I would suggest you have a close look at IDA. IDA supports the ARMv6 and ARMv7 architectures and is overall the best reversing tool on this planet. The app files downloaded through iTunes are compressed ZIP files with the extension .IPA. You may use any decompression tool to unpack them. To do so, you may simply rename the extension IPA to ZIP. [edited to match OP question comments] You can't view the source

Reverse engineer database from an Oracle database

无人久伴 Submitted on 2019-12-06 16:42:16
I would like to know if there is any tool able to extract the design from an existing Oracle database. I have read access to it and I would like to have the design. Or simply export it to a *.sql and then read it with any tool able to create the design with the links between the tables. Something like that (source: fileguru.com). Thank you very much. There are a number of tools which do reverse engineering from an Oracle database, but most require a license. Oracle has its own Data Modeller. Previously Oracle tried to charge an exorbitant licence fee, but obviously they had few takers