Questions tagged [functions]
A sequence of instructions performing a basic task packaged as a unit in a program.
109
questions
2
votes
2
answers
105
views
Tracing all functions in executable conditionally, to find function of interest
I would like to alter the behavior of some executable (in my case, a videogame). One way of doing this is to hook function calls (e.g., a function like Player::ReceiveDamage) and adjust parameters/...
- 125
0
votes
1
answer
84
views
How to call unexported function in a third party DLL while having its PDB?
I'm new to reverse engineering and recently met with a problem:
I have the dll and pdb of a debug version third party module, but I don't have its source codes. Now I want to write a piece of C++ code ...
- 103
0
votes
0
answers
51
views
WebAssembly Unity base64 decipher
When in game (taming.io) going to leaderboard and searching a player id lets say: 1. It renders player data retrieved from here just fine:
https://account.taming.io/player?id=1
If I type this url (get ...
0
votes
1
answer
61
views
Function return in machine code (by platform/compiler)
I am asking this question to gather a knowledge base. I know in x86-64, a machine code function can have only one function return, i.e., ret instruction. I know it can be compiler (GCC, clang, etc) ...
0
votes
2
answers
208
views
Cutter shows addresses relative to stack but not rbp. How to change it?
Look at the first image:
Here what I get is var void *buf @ stack - 0x28.
But I'm watching a tutorial there his Cutter shows like this:
var void *buf @ rbp - 0x20. How can I change cutter to appear ...
- 123
1
vote
0
answers
128
views
Log functions called in IDA Pro?
When I run an exe in IDA how could I log which functions were called into a text file?
log.txt:
call func1
call func2
call func1
call func1
Not worried about indirect calls.
This is for differential ...
- 11
1
vote
2
answers
556
views
How can I jump to the start/end of a function in x64dbg?
I'm currently debugging a program using x64dbg, and I'm wondering how to quickly jump to the start or end (prologue/epilogue) of a function while I'm in the middle of it. I couldn't find this ...
- 85
0
votes
1
answer
111
views
split function argument from IDA's hints
Suppose I have a function, I know that the first 4 arguments come with fixed registers.
_BYTE *__fastcall foo(__int64 a1, _QWORD *a2, unsigned int a3, char a4, _QWORD *a5)
For the fifth one, if I ...
- 313
0
votes
1
answer
517
views
which command in windbg to use to display the struct in function argument
The struct looks like this.
typedef struct _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
struct _RTL_DYNAMIC_HASH_TABLE_ENTRY HashEntry;
struct _LIST_ENTRY* CurEntry;
struct _LIST_ENTRY* ChainHead;
ULONG ...
- 313
1
vote
0
answers
90
views
How to reverse an import function?
I'm reversing windows .sys file and an import function RtlLookupEntryHashTable appears in my target functions. I want to know the pseudocode of it. How to achieve this?
.text:00000001C00218C2 ...
- 313
0
votes
1
answer
299
views
How to speed up finding a function from pseudocode in IDA?
I have a function with the pseudocode of
__int64 __fastcall sub_7FF7067A01F0(__int64 a1, __int64 a2, unsigned int a3)
{
if ( qword_7FF709F91498 )
return (*(__int64 (__fastcall **)(ID2D1Geometry *...
- 39
1
vote
1
answer
101
views
Calling a function with a variable number of args from a proxy DLL
The program I'm messing with has builtin logging. Using a proxy DLL, I managed to activate it by calling the right functions from the real DLL. However, I got stuck at using the actual logging ...
- 149
1
vote
1
answer
3k
views
How to define "code" variable type in Ghidra
Of all the confusing parts of Ghidra, I'd like to ask about the "code" keyword. A similar question was asked here. However, I am not asking what the keyword is, but how to interpret/define ...
- 21
1
vote
1
answer
139
views
I don't find the body of a function that I called in the main function
I have created a very simple x86 console program that uses Visual Studio 2019 compiler to sum 2 numbers just to see how is the program be after disassembly but I found something unclear to me.
// C++
#...
- 269
0
votes
1
answer
747
views
How do I find a function and find out what it does using reverse engineering?
I am attempting to find a function in a specific game. Is there any way that, using the assembly code I get from decompiling the game in either IDA or x64dbg, I can locate a function I am specifically ...
- 39