disassembling

Windows PE - Where and how are strings stored if not in resources?

Usually strings (like content/titles of dialog boxes) in .exe files are stored in some sort of resources. But in some recent exes I disassembled/resource-inspected I couldn't find any resources containing the string but it was somehow hardcoded with db's into the program source code. How can I extract and modify strings directly locat...

Modifying .rdata unicode strings from windows PE files

I have been looking for a way of modifying static strings stored in Windows .exe files in the .rdata section, however I haven't found a real way to do so yet. The whole thing is too complicated to do by hand (in this case by a HEX editor) and so I wanted to know if you have a solution to do so. ...

objdump -S - source code listing

How does objdump manage to display source code? Is there a reference to the source file in the binary? I tried running strings on the binary and couldn't find any reference to the source file listed... Thanks. ...

Is there a disassembler + debugger for java (ala OllyDbg / SoftICE for assembler)?

Is there a utility similar to OllyDbg / SoftICE for java? I.e. execute class (from jar / with class path) and, without source code, show the disassembly of the intermediate code with ability to step through / step over / search for references / edit specific intermediate code in memory / apply edit to file... If not, is it even possible...

find out what functions a static C library has

Hi, I have a static C library (say mylib.a) and I was wondering if it's possible to find out what functions are implemented inside that file. I don't have a corresponding header file. What I need is like the equivalent of javap for Java. ...

What does disassemble look like on machines with memory larger than 4G?

This is what it looks like on my laptop with less than 4G: 0x004012f1 <main+0>: push %ebp 0x004012f2 <main+1>: mov %esp,%ebp 0x004012f4 <main+3>: sub $0x18,%esp 0x004012f7 <main+6>: and $0xfffffff0,%esp Can someone using RAM larger than 4G paste a dump? I think it should be no longer like 0x004012f7 as its capa...

Why is a function executed from the same memory address each time?

I'm disassembling an executable: (gdb) disas main Dump of assembler code for function main: 0x004012d0 <main+0>: push %ebp 0x004012d1 <main+1>: mov %esp,%ebp ... Each time the memory address is the same: 0x004012d0. Isn't the memory address to be dynamically assigned by the OS? UPDATE Now I see it's virtual space, and it c...

What does * address(found in printf) mean in assembly?

Disassembling printf doesn't give much info: (gdb) disas printf Dump of assembler code for function printf: 0x00401b38 <printf+0>: jmp *0x405130 0x00401b3e <printf+6>: nop 0x00401b3f <printf+7>: nop End of assembler dump. (gdb) disas 0x405130 Dump of assembler code for function _imp__printf: 0x00405130 <_imp__printf+0>: je ...

Printf in assembler doesn't print

Hi there, I have got a homework to hack program using buffer overflow ( with disassembling, program was written in C++, I haven't got the source code ). I have already managed it but I have a problem. I have to print some message on the screen, so I found out address of printf function, pushed address of "HACKED" and address of "%s" on t...

Modify Embedded String in C# compiled exe

I have an issue where I need to be able to have a compiled exe ( .net 3.5 c# ) that I will make copies of to distribute that will need to change a key for example before the exe is sent out. I cannot compile each time a new exe is needed. This is a thin client that will be used as part of a registration process. Is it possible to a...

GDB question - how do I go through disassembled code line by line?

I'd like to go through a binary file my teacher gave me line by line to check addresses on the stack and the contents of different registers, but I'm not extremely familiar with using gdb. Although I have the C code, we're supposed to work entirely from a binary file. Here are the commands I've used so far: (gdb) file SomeCode Which g...

Windows disassembler: looking for a tool...

Hello. I'm looking for a (preferably free) tool that can produce "proper" disassembly listing from a (non-.NET) windows PE file (*.exe or *.dll). Important requirement: it should be possible to run the listing through a windows assembler (nasm, masm or whatever) and get working exe again (not necessarily identical to original one, but...

Is it possible to inspect an assembly's IL instructions programmatically using managed code?

See title. Reflection.Emit seems to be more about creating a new dynamic assembly, not for loading an existing assembly and inspecting its IL. ...

Assembly instruction address...

Why every time when I disassemble the same .exe file the same instruction is in the same address? And what address is that (RAM? HDD? Virtual?)? ...

Converting some assembly to VB.NET - SHR operator working differently?

Well, a simple question here I am studying some assembly, and converting some assembly routines back to VB.NET Now, There is a specific line of code I am having trouble with, in assembly, assume the following: EBX = F0D04080 Then the following line gets executed SHR EBX, 4 Which gives me the following: EBX = 0F0D0408 Now, in V...

Disassembly question

Hi all, I had just a look at a very simple SPARC assembly output that I got from this C program: int addition_func(int a, int b) { return(a+b); } void main() { int a = 20; int b = 19; int res; res = addition_func(a, b); } Disassembly of section .text: 00000000 <addition_func>: 0: 81 c3 e0 08 retl 4: 90 02 00 09 ...

Disassemble the PDP-8 program.

This is a PDP-8 Program. Kindly can anyone disassemble it. Binary representation Octal Representation 111000000001 7001 010000011100 2034 101000010001 5021 101000010000 5020 I want to know what the heck this code is doing. PS: This is not a homework. I just found this code in a video. Th...

How do I compare the contents of two dlls?

I would like to compare several dlls of one install to several dlls of another install of the application I'm working with. I need to ensure they are exact same. How do I compare two dlls to ensure they have the exact same methods, properties, version, etc? I've started to use RedGate .Net Reflector, but the task became tedious so I tho...

Searching for a nice way to define rules for decompiler, need advice

Hi, I am working on a very simple decompiler for MIPS architecture and as I progress I have to define lots of rules for code analysis, for example "if this opcode is lui and next opcode is addiu then return var = value" or "if this opcode is bne and it's referring to address before current - create loop definition in parsing tree". The ...

Viewing XAML from a compiled DLL

I'm trying to develop a Visual Studio 2010 extension and it would be a lot easier if I could see what the Visual Studio XAML looks like. I used Reflector and the BAML disassembler but that didn't seem to give me what I want. The URI for the XAML file I'm looking for is: Microsoft.VisualStudio.Shell.UI.Internal;component/mainwindow/mainw...