Questions tagged [debugging]

Process of analyzing live programs through software (e.g. ptrace) or hardware (e.g. JTAGs) devices.

0 votes
0 answers
24 views

Bypass Update Prompt to Run Main Program

A software called Android Utility v175 (https://www.mfdl.io/) checks for an update before redirecting to the main program, so I wanted to bypass that update checking or something like to tell the software that ...
MD SRK
  • 1
0 votes
0 answers
34 views

How could a CRC-15 CAN be transformed into 8 bytes in an embedded system?

I am analyzing calibration binary files of an embedded system (BMS) that likely uses a CRC-15 CAN checksum. From my firmware and bootloader file analysis, I have found a PECLookup table, which ...
Charles
0 votes
0 answers
43 views

Problem with deobfuscation .NET-file, protected with XerinObfuscator, Anti-dnSpy and Anti-Debug

I am trying to analyze a .NET file that I suspect is malicious. The file is protected by XerinObfuscator and also has Anti-dnSpy and Anti-debug protection. I tried to use de4dot to deobfuscate it, but ...
Nazar
  • 1
0 votes
1 answer
134 views

How can I compare different execution traces of the same exe, but ran with different parameters?

Context: I'm working on analyzing how a software's behavior changes when run with different parameters. My goal is to compare the execution traces (e.g., function calls, memory accesses, or instruction ...
MendelG
  • 35
1 vote
1 answer
53 views

Modifying CreationFlags in CreateProcessA with OllyDBG2 with CREATE_SUSPENDED

I am trying to attach the OllyDBGv2 debugger to an external program that is created by CreateProcessA found in a win32 based binary but I strongly suspect that the process is created/ran and ...
Sevren
  • 113
0 votes
0 answers
41 views

Can one binary use both lazy binding and non-lazy binding?

I inspected /bin/rm binary on macOS with the next command: otool -l /bin/rm | grep symbol_ptr -A5 and I've got the next output: segname __DATA addr 0x0000000100004000 size ...
pacman
  • 125
0 votes
0 answers
23 views

How to pass radare2 a specific payload, but only after "dc"?

I'm trying to inject a particular byte string to radare input. I'd like to do it after a particular dc command, because after that the program will ask Hello, what's your name? Something like dc <&...
allexj
  • 101
0 votes
1 answer
120 views

How can I compile an EXE with GCC such that the .idata and .text sections are merged together?

Given this classic helloworld.c example, #include <stdio.h> int main() { printf("Hello world!\n"); } Under normal circumstances, a compiled EXE file consists of several sections, ...
wqte45
  • 1
1 vote
1 answer
51 views

Dynamic analysis of Android applications' interaction

There are two or even more Android applications that somehow interact with each other: Application A invokes application B or sends request to it directly or via third application C. I don't have the ...
Max
  • 113
0 votes
0 answers
27 views

Log addresses of every called function in Ollydbg/x64dbg in multi-threaded program

I have 2 programs: one 32bit and the second one 64bit. I use Ollydbg/x64dbg to debug them, respectively. These programs are multi-threaded and I have a difficulty when debugging: when an important ...
thelastcure
1 vote
1 answer
110 views

Attaching into an x86 process in windbg

How can I attach into an x86 process from windbg? Currently I am waiting for the process to load, then I am breaking into wow64cpu!KiFastSystemCall to switch into x86 context and only then put bp to ...
Michael
  • 13
0 votes
0 answers
28 views

Reverse Engineering Obsolete Software commands on legacy equipment using RS232

I have attached an RS232 to USB converter and connected SD-100 Verity Monochromator Legacy Equipment (circa 1999 Device). No software available (unable to find and manufacturer does not have) to drive ...
George York
0 votes
0 answers
45 views

Cannot unpack my own packer with x64dbg - scylla

I wrote a simple virtualization-obfuscated x64 packer. But my problem is I cannot dump and unpack it with Scylla. For those who want to analyze this exe themselves, set BP at 00007FF630DB26A1. The call at ...
mert
  • 1
2 votes
2 answers
84 views

What's the best way or approach to debug binary Linux library?

I've got a header file (I know the functions and have some documentation) and a .so file: From a wrapper library and from context, I need to call "Connect", but it does not work, just fails ...
Harry Blauberg
0 votes
0 answers
48 views

How to get which Tedit is referenced when retrieving text

Reversing a Borland Builder 6 application, I came across this function: @Controls@TControl@GetText$qqrv Now, the two parameters for the function are: LEA param_2=>local_8,[EBP + -0x4] MOV param_1,...
mark
  • 1