I'm trying to learn about reverse engineering, using Minesweeper as a sample application. I've found this MSDN article on a simple WinDbg command that reveals all the mines but it is old, is not explained in any detail and really isn't what I'm looking for. I have IDA Pro disassembler and the WinDbg debugger and I've loaded winmine.exe...
I'm currently analyzing a program I wrote in assembly and was thinking about moving some code around in the assembly. I have a procedure which takes one argument, but I'm not sure if it is passed on the stack or a register. When I open my program in IDA Pro, the first line in the procedure is: ThreadID= dword ptr -4 If I hover my cur...
I have an MFC application that I was given (without source code) which opens a window with an 'Update' button, which then performs a very long update after being clicked. I'd like to modify the program so that when the window is created (or somewhere else such as DoModal), a message is sent to the program to make it think that the butto...
Could someone provide a good link of documenation/material/examples of IDAPERL (a plugin to add perl scripting and automation support to IDA PRO ) i see there are many documentation about python and idapro but for perl it seems nothing . or could someone suggest a perl cpan module that automate the IDA PRO Degguber (http://www.hex-rays.c...
Currently, I'm disassembling a Mach-O executable in IDA Pro. I've gone through and found the string I'm interested in, but when I try to find xrefs to it, none can be found. I'm sure that the strings are referenced in the original code, but IDA Pro doesn't seem to be able to find out how they are referenced. Are there any tricks that ca...
Around the net I've seen reference to "scripts" for IDA Pro, but can't work out how to load or install them for IDA Pro 4.9 Freeware Version. How do I do this? In particular I wish to use PE Scripts. ...
Is it possible to change argument types/names of arguments of imported functions like StretchBlt in IDA 4.9? It's painful and error-prone to manually change from ... .text:0040A49E push eax ; HDC .text:0040A49F push 36h ; int .text:0040A4A1 push 48h ...
I can't figure out the prototype for this simple function: In stack: Function call: That's what I got so far, and it causes an error. //No idea void CameraDeviceCreate(int one,int two,int* three); There are three registers used (R0,R1,R2) so there should be three arguments. Third one refers to a stack variable (I still don't get...