Questions tagged [dynamic-analysis]
Analysis of a piece of code by letting it run (fully or step-by-step) on a real system or in a virtualized environment, as opposed to static analysis.
147 questions
2 votes, 2 answers, 105 views
Tracing all functions in executable conditionally, to find function of interest
I would like to alter the behavior of some executable (in my case, a videogame). One way of doing this is to hook function calls (e.g., a function like Player::ReceiveDamage) and adjust parameters/...
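Differential tracing is the usual way to find a function like Player::ReceiveDamage without reading every routine: record one or more full call traces while the event happens and one while it does not, then keep only what is common to the event runs and absent from the baseline. The example below is added here and is not from the question or any tool; the trace lines are constructed (the "<seq> call <addr> <symbol>" format is an assumption, as are the symbol names, which a stripped game would not provide).

```python
import re
from collections import Counter

# Constructed sample traces (not real tracer output): one line per call,
# "<seq> call <addr> <symbol>". Symbols are labels for readability only; a
# real run on a stripped game binary gives addresses and the analyst names
# them afterwards.
TRACE_IDLE = """\
1 call 0x401000 GameLoop::Tick
2 call 0x402000 Renderer::Draw
3 call 0x403000 Input::Poll
4 call 0x402000 Renderer::Draw
"""

TRACE_HIT = """\
1 call 0x401000 GameLoop::Tick
2 call 0x403000 Input::Poll
3 call 0x405000 Physics::Collide
4 call 0x407000 Player::ReceiveDamage
5 call 0x408000 Hud::UpdateHealth
6 call 0x402000 Renderer::Draw
"""

TRACE_HIT_2 = """\
1 call 0x401000 GameLoop::Tick
2 call 0x405000 Physics::Collide
3 call 0x407000 Player::ReceiveDamage
4 call 0x408000 Hud::UpdateHealth
5 call 0x403000 Input::Poll
6 call 0x402000 Renderer::Draw
"""

LINE = re.compile(r"^\s*\d+\s+call\s+(0x[0-9a-fA-F]+)\s+(\S+)\s*$")


def parse_trace(text):
    """Count calls per (address, symbol) in one trace; malformed lines are skipped."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts[(int(m.group(1), 16), m.group(2))] += 1
    return counts


def differential_candidates(event_traces, baseline_traces):
    """Functions called in every 'event' trace and in no 'baseline' trace.

    Baseline traces are recorded while the event of interest (here: the player
    taking damage) does not happen, event traces while it does. Intersecting
    the event traces removes run-to-run noise; subtracting the baseline removes
    everything the game does anyway (rendering, input polling).
    Returns a list of (address, symbol) sorted by address.
    """
    event_sets = [set(parse_trace(t)) for t in event_traces]
    baseline = set().union(*(parse_trace(t) for t in baseline_traces))
    common = set.intersection(*event_sets) if event_sets else set()
    return sorted(common - baseline)


if __name__ == "__main__":
    for addr, name in differential_candidates([TRACE_HIT, TRACE_HIT_2], [TRACE_IDLE]):
        print(f"{addr:#010x} {name}")
```

The traces themselves come from whatever tracer you have (a Pin tool, Frida's Stalker, or per-function breakpoints in a debugger); the important part is choosing two scenarios that differ by exactly one action, so the difference set stays small enough to inspect by hand.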
1 vote, 0 answers, 57 views
How to hook or call "non-native/non-exported functions"?
I wrote this simple application in C++ to learn about reverse engineering:
#include <iostream>
#include <windows.h>
// Non-exported helper the question wants to hook or call from outside the process.
void PrintMessage(const char *message) {
    std::cout << message << std::endl; // the excerpt is cut off after "std::cout << message"; body completed minimally
}
int main() { PrintMessage("hello"); return 0; }
0 votes, 0 answers, 38 views
How can I make a quick tracer for a PE file?
INTRODUCTION:
I made my tracer on the event debug loop, but after I compared its speed characteristics with the same PinTool or similar tools, I realized that my tracer is several dozen times slower ...
0 votes, 1 answer, 368 views
How to learn which functions are called in a .so library on Android?
I want to learn how to listen to certain .so files. I mean, what is the way to know which functions are called and which body of code is executed in a shared library on Android? I just wanted to modify the stock camera on my ...
1 vote, 1 answer, 173 views
How can I remove dead code and opaque predicates?
I have the following problem on my agenda: there is an obfuscated .exe (this is a virus that I am investigating); in addition to having MBA, etc. bullshit, it has opaque predicates and dead code, I ...
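The mechanical part of this job is: decide for each conditional branch whether its predicate can actually go both ways, turn the ones that cannot into unconditional jumps, and then drop every block that is no longer reachable from the entry. The example below is added here and is not from the question or any deobfuscator; the control-flow graph is constructed, the predicates are Python expressions over two 8-bit inputs with the machine's wrap-around written explicitly, and the decision procedure is exhaustive enumeration, which only works for tiny widths (a real tool would hand a 32- or 64-bit predicate to an SMT solver; that is an assumption of this example, not something the question says).

```python
import itertools

# Constructed control-flow graph (not a real binary). Each block maps to
# (predicate, successors). A conditional block has successors [taken, fallthrough];
# the predicate is a Python expression over the 8-bit inputs x and y, with
# wrap-around written explicitly (& 0xFF) where the machine would overflow.
CFG = {
    "entry": (None, ["b1"]),
    "b1":    ("((x * (x + 1)) & 0xFF) % 2 == 0", ["b2", "dead1"]),  # x*(x+1) is always even
    "dead1": (None, ["exit"]),
    "b2":    ("((x * x) & 0xFF) % 4 == 2", ["dead2", "b3"]),        # a square mod 4 is 0 or 1, never 2
    "dead2": (None, ["exit"]),
    "b3":    ("x < y", ["b4", "b5"]),                                 # genuine, input-dependent branch
    "b4":    (None, ["exit"]),
    "b5":    (None, ["exit"]),
    "exit":  (None, []),
}


def classify_predicate(expr, bits=8):
    """Exhaustively evaluate expr over every (x, y) of the given width.

    Returns "always_true", "always_false" or "varies". Enumeration is only
    feasible for small widths; for real 32/64-bit operands use an SMT solver
    (assumption of this example). Note the width matters: a predicate that is
    constant over 8-bit inputs may still vary over wider ones.
    """
    code = compile(expr, "<predicate>", "eval")
    seen = set()
    for x, y in itertools.product(range(1 << bits), repeat=2):
        seen.add(bool(eval(code, {"__builtins__": {}}, {"x": x, "y": y})))
        if len(seen) == 2:
            return "varies"
    return "always_true" if True in seen else "always_false"


def fold_opaque_branches(cfg, bits=8):
    """Turn every branch on an opaque predicate into an unconditional jump."""
    folded, verdicts = {}, {}
    for name, (pred, succ) in cfg.items():
        if pred is None:
            folded[name] = (None, list(succ))
            continue
        verdict = classify_predicate(pred, bits)
        verdicts[name] = verdict
        if verdict == "always_true":
            folded[name] = (None, [succ[0]])      # keep only the taken edge
        elif verdict == "always_false":
            folded[name] = (None, [succ[1]])      # keep only the fallthrough edge
        else:
            folded[name] = (pred, list(succ))
    return folded, verdicts


def reachable_blocks(cfg, entry="entry"):
    """Blocks reachable from entry after folding; everything else is dead code."""
    seen, work = set(), [entry]
    while work:
        block = work.pop()
        if block in seen:
            continue
        seen.add(block)
        work.extend(cfg[block][1])
    return seen


def remove_dead_code(cfg, bits=8):
    """Return (pruned cfg, set of dead blocks, per-branch verdicts)."""
    folded, verdicts = fold_opaque_branches(cfg, bits)
    live = reachable_blocks(folded)
    pruned = {b: (p, [s for s in succ if s in live])
              for b, (p, succ) in folded.items() if b in live}
    return pruned, set(cfg) - live, verdicts


if __name__ == "__main__":
    pruned, dead, verdicts = remove_dead_code(CFG)
    print("verdicts:", verdicts)
    print("dead blocks:", sorted(dead))
    for block, (pred, succ) in pruned.items():
        print(f"{block}: {pred or 'jmp'} -> {succ}")
```

Two caveats a practitioner should keep in mind: a predicate that is constant only because the enumeration was too narrow is a false positive that silently deletes live code, and MBA-obfuscated predicates are often constant over the inputs yet reference memory or globals, so the expression you feed the checker must be the fully lifted one, not what the decompiler shows at first glance.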
2 votes, 1 answer, 101 views
Other than x32dbg, is there a more friendly way to check functions, their args and their return values at runtime?
ATM I'm using IDA and x32dbg. When I find a function that interests me, I set a breakpoint in x32dbg; however, I'm not good enough at assembly to know everything about a function just from looking at ...
3 votes, 1 answer, 637 views
How to reverse engineer a struct in IDA Pro?
How to identify and define a struct in IDA Pro decompilation during reverse engineering?
Please explain the easiest way to figure out the struct in the IDA Pro decompilation!
To make life easier are there ...
2 votes, 1 answer, 79 views
In Pintool, how to find the name of a routine's caller?
I want to trace the mutex variables in my Rust program (e.g., which mutex called the lock() and unlock() methods). And I think there are static methods.
0 votes, 0 answers, 70 views
Why is Windows 10 still blocking me from running malware?
I am analyzing some malware on Windows 10. I installed FLARE VM, disabled tamper protection and disabled the virus scanner in the registry. However when I attempt to run a malware, Windows is still ...
2 votes, 0 answers, 33 views
How to re-create media file from android sender output stream
I would like to perform dynamic analysis on some Android apps to check if these apps are sending metadata with media files or not.
Ideas like the picture below:
Step 1: I prepared an image with metadata (...
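Once the upload has been captured, the check reduces to two parsers: split the request body back into its parts and reassemble the file, then walk the file's own structure to see whether the metadata survived. The example below is added here and is not from the question; it assumes the app uploads as multipart/form-data over HTTP (obtained, for instance, through an intercepting proxy after dealing with TLS), and the JPEG and the capture are constructed test data: the JPEG has a valid marker layout but is not a decodable picture.

```python
import re

BOUNDARY = b"----capture-boundary-7f3a"   # assumed boundary for the constructed capture


def build_jpeg(with_exif):
    """Assemble a minimal, structurally valid JPEG marker stream (constructed test data).

    Not a decodable picture: only the marker layout matters for metadata checks.
    """
    out = b"\xff\xd8"                                                     # SOI
    if with_exif:
        exif = b"Exif\x00\x00" + b"II*\x00\x08\x00\x00\x00"               # Exif signature + TIFF header stub
        out += b"\xff\xe1" + (len(exif) + 2).to_bytes(2, "big") + exif   # APP1 (length includes itself)
    dqt = b"\x00" + bytes(64)                                             # one all-zero quantisation table
    out += b"\xff\xdb" + (len(dqt) + 2).to_bytes(2, "big") + dqt         # DQT
    sos = b"\x01\x01\x00\x00\x3f\x00"
    out += b"\xff\xda" + (len(sos) + 2).to_bytes(2, "big") + sos         # SOS: metadata cannot follow
    out += b"\x12\x34\x56"                                                # fake entropy-coded data
    return out + b"\xff\xd9"                                              # EOI


def build_capture(jpeg, boundary=BOUNDARY):
    """multipart/form-data body as a captured upload might look (constructed)."""
    return (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="caption"\r\n\r\n'
            b"holiday\r\n"
            b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="file"; filename="IMG_0001.jpg"\r\n'
            b"Content-Type: image/jpeg\r\n\r\n" + jpeg + b"\r\n"
            b"--" + boundary + b"--\r\n")


def parse_multipart(body, boundary):
    """Binary-safe split of a multipart body into [(headers dict, raw part bytes)]."""
    parts, delimiter = [], b"--" + boundary
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):
            break                                         # closing delimiter
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        head, _, data = chunk.partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):
            data = data[:-2]                              # CRLF that precedes the next delimiter
        headers = {}
        for line in head.decode("latin-1").split("\r\n"):
            key, _, val = line.partition(":")
            headers[key.strip().lower()] = val.strip()
        parts.append((headers, data))
    return parts


def jpeg_segments(data):
    """Walk the marker segments that precede SOS; returns [(marker byte, payload)]."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    segs, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"marker expected at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):                        # SOS or EOI: no more metadata segments
            break
        if marker == 0xFF:                                # fill byte
            pos += 1
            continue
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:      # standalone markers carry no length
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        segs.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
    return segs


def find_exif(data):
    """Return the TIFF payload of the APP1/Exif segment, or None if the file carries none."""
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return payload[6:]
    return None


def analyze_capture(body, boundary=BOUNDARY):
    """For each uploaded JPEG part, report its name, size and whether Exif metadata is present."""
    report = []
    for headers, data in parse_multipart(body, boundary):
        if not headers.get("content-type", "").startswith("image/jpeg"):
            continue
        m = re.search(r'filename="([^"]*)"', headers.get("content-disposition", ""))
        exif = find_exif(data)
        report.append({"filename": m.group(1) if m else None, "size": len(data),
                       "has_exif": exif is not None, "exif_bytes": len(exif) if exif else 0})
    return report
```

Comparing the reassembled part byte-for-byte (or by hash) with the file you prepared in Step 1 tells you more than the Exif flag alone: an app that re-encodes the picture on upload strips Exif as a side effect, while one that sends the original bytes forwards every tag in it.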
3 votes, 0 answers, 73 views
Reverse engineering LCD memory map
I'm trying to get RAW data from a laser rangefinder device, but it has no PC connection ports. It has a small LCD screen onboard, where all data is displayed: distance, angle, battery level, etc. ...
5 votes, 1 answer, 527 views
Disassembling a DOS game with dynamic code/overlays in IDA Pro
I'm working on a disassembly of an old DOS game. (Real old: 16-bit, real mode.) The bulk of the game is in a large resource file of mixed binary and data; the executable basically just loads a chunk ...
3 votes, 0 answers, 202 views
Solved: Unable to hook Apple binary on iOS 14.x with Frida
I'm attempting to analyze a binary from iOS 14.8 (searchpartyd). I'm using Frida to try to hook it like I normally would with other binaries. However, I'm getting an error message that I'm unable to ...
3 votes, 0 answers, 97 views
Is there a Capturebat alternative on windows 10 for file capture?
I've been looking for a Capturebat alternative that will function on Windows 10 and 64-bit.
I'm not interested in Capturebat's network capabilities; rather, I'm interested in its capacity to capture ...
1 vote, 1 answer, 697 views
.NET: How to debug or decompile a DynamicMethod with dnSpy?
I have a managed .NET executable that supplies the msil bytecode of a function as raw bytes. It constructs a DynamicMethod object, sets the bytecode with DynamicMethod.DynamicILInfo.SetCode() and ...