Just curious. Using gcc/gdb under Ubuntu 9.10. Reading a C book that also often gives the disassembly of the object file. When reading in January, my disassembly looks a lot like the book's; now, it's quite different - possibly more optimized (I notice some re-arrangements in the assembly code now that, at least in the files I checked, ...
I'm working with a binary file that I disas'd in gdb. Right now I'm just examining the return value of a function. 0x08048604 <playGame+78>: ret Is the address shown the address where ret is stored in the function? Or is it just the address of the instruction to return the ret value? ...
I'm seeing what I think is strange behaviour from object files output by the Microsoft Visual Studio 2003 tools. The file utility tells me: asmfile.obj: 80386 COFF executable not stripped - version 30821 For objects created by the assembler, but for objects coming from C files, I get just: cfile.obj: data Using Microsoft's dumpbin...
I have 2 .pyo python files that I can convert to .py source files, but they don't compile perfectly as hinted by decompyle's verify. Therefore looking at the source code, I can tell that config.pyo simply had variables in in an array: ADMIN_USERIDS = [116901, 141, 349244, 39, 1159488] I would like to take the original .pyo and di...
Given the following x86 assembly instructions: mov esi, offset off_A cmp esi, offset off_B how would I get the offsets (the second operand) at runtime ? This is the scenario: A program (injected into the process at runtime) replaces the offsets with a few of its own, resulting in: mov esi, offset off_X cmp esi, offset...
So all I simply want to do is make a Ruby program that reads some values from known memory address in another process's virtual memory. Through my research and basic knowledge of hex editing a running process's x86 assembly in memory, I have found the base address and offsets for the values in memory I want. I do not want to change the...
I need something that can generate a PDB from a DLL file (C# .NET code), is there any free program to do that? ...
I want to hide the tool I used to create an .exe file. I am not doing anything illegal, I just want to protect my intellectual property from being copied. If I open the exe file in a text editor I see the following section. <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifes...
How do i get the address of the variable holding an event handler? e.g. TExample = class(TObject) private FOnChange: TNotifyEvent; end; i want the address of the FOnChange private member, event handler, variable. Why? i'm trying to figure out who is overwriting my FOnChange handler variable with junk. i am stepping through c...
I'd like to get a solid understanding of the low level process for representing and running a program. I've decided to do this by writing a program to parse and display object file information (headers, sections, etc.). I've nearly finished this part. A natural extension is to decompile the remaining relevant data into assembly instructi...
For one reason or another, I sometimes find it useful or just interesting to look at the optimised compiler output for a function. For unmanaged C/C++ code, my favourite way to do this has been to compile in Release mode, stick a breakpoint in the function of interest, run, and view the disassembly in Visual Studio when it hits the brea...
I need to send data from my iPhone application to my webserver, and back. To do this securely, I'm using an encryption algorithm. It requires a key that must be known by both the server and the user so that decryption can take place. I was thinking about just using a simple static string in my app and on the server as the key, but the...
I need to compare few function calls and signature between my application and an working application. Here I don't mean any way to reverse engineer or access the source code of the other application , but truly need to know what are the methods , Interfaces used by the working application. I tried attaching my application to Visual Stud...
Hi there, I'm using Ollydbg to disasemble a program. What I need to do is inject code into the program and save an EDX value at a certain point. I'm guessing the easiest way would be for me to create a dll with a single function like so... function WriteEAXValue(EAX: PChar): LongBool and then inject code into the program so it calls t...
I'm debugging some code from the disassembly (no source code is available), and there a number of instructions accessing data via the ds segment register, e.g. something like this: 66 3B 05 8A B1 43 00 cmp ax,word ptr ds:[43B18Ah] How do you get the Visual Studio debugger to tell you the offset of the ds segment register so th...
I opened it with an editor,totally messy. BTW, in the "Disassembly" view,is it possible to dump all the assembly code? I tried but can only grab a screen of lines ...
It's a c++ project: 7C92E4BE mov dword ptr [esp],eax 7C92E4C1 mov dword ptr [esp+4],0 7C92E4C9 mov dword ptr [esp+8],0 7C92E4D1 mov dword ptr [esp+10h],0 7C92E4D9 push esp 7C92E4DA call 7C92E508 7C92E4DF mov eax,dword ptr [esp] 7C92E4E2 mov esp,ebp 7C92E4E4...
Suppose I've a project that uses the dll so I can trace into the internals of the dll in the "Disassembly Window" of visual studio,then what's the advantage of IDA in this case?Is there? ...
So, we're studying MIPS architecture at school and we're implementing a MIPS32 architecture. I thought I'd use GNU cross-binutils as assembler but I'm getting weird output when dealing with instructions jal, j and jr. The assembler seems to insert the instructions at the wrong places. I have no idea why this happens, and I doubt the MIPS...
The problem exists at 017D0B5F call eax : 017D0B56 mov esi,esp 017D0B58 mov edx,dword ptr [ebp-20h] 017D0B5B push edx 017D0B5C mov eax,dword ptr [ecx+8] 017D0B5F call eax 017D0B61 cmp esi,esp 017D0B63 call @ILT+2525(__RTC_CheckEsp) (17C49E2h) 017D0B68 cmp ...