Questions tagged [memory]
Part of the computer used to store data and code. Can refer to questions about, both, live memory investigation and ROM investigation.
238
questions
0
votes
0
answers
39
views
Why mov empty block to register?
Why MOV a bunch of 00s to register?
I have seen these empty blocks a lot of times being referenced this way.
- 1
0
votes
0
answers
36
views
Change Mac address
I have read the NAND memory MT29F2G08ABAEAWP contents via the RT809F programmer from IP Camera,
when I have written the program (.bin) to the new NAND memory the Mac address and serial number of ...
- 1
1
vote
0
answers
48
views
Unknown string encoding
I'm new to reverse, my question may be stupid.
I am trying to reverse a function in the application that reads a string at the address and concatenate it to another
char[250] v30;
char[20] v31;
...
...
- 11
0
votes
0
answers
29
views
How to trigger calls and attach to functions on a running process?
I'm a software developer, with some knowledge in memory management but near zero experience in reverse engineering. I wonder if there is a way to detect which function a program calls at certain ...
- 11
0
votes
1
answer
37
views
Buspirate_spi and flashrom opensource software
I have a question about buspirate_spi programmer and flashrom. I have a new Flash rom Boye BY25Q128AS similar to the winbond W25Q128.V in the flashrom list. How can I dump the data from this specific ...
0
votes
0
answers
104
views
Searching for a byte pattern and then hooking all instances of it using frida on iOS
I'm using a frida script to scan for a certain byte pattern when I launch an iOS app.
I can log each offset and confirm these are correct by also printing out the instructions at those locations and ...
- 177
0
votes
0
answers
547
views
Failed to attach: unable to connect to remote frida-server: closed
I'm trying to bypass Frida (Android) local port scanning detection, so I followed this guide. The sequence of commands I used are : (magic_man is alias for frida_server)
adb root
adb push magic_man /...
- 101
0
votes
0
answers
73
views
Is game hacking all about memory manipulation?
I wanted to know if game hacking is all about manipulating memory ?
and If we need anything more than, this topics for game hacking ?
memory manipulation
Reverse engineering
Windows internals
C++ ...
- 1
0
votes
0
answers
101
views
How to exclude "Process Monitor" from Themida's list of monitoring programs
Can Themida be made to whitelist a particular program of its list of "monitoring programs", whether through reversing or compile-flags?
I want to exclude Sysinternals "Process Monitor&...
- 169
1
vote
0
answers
129
views
UBIFS image weirdness [SOLVED]
So, I dumped old routers ubifs image from memory and apparently it can't be read or mounted, throwing errors like "missing block size" and "missing data" although I see in hexdump ...
3
votes
1
answer
234
views
Load process from memory dump
Are there any tools that can "record" the memory space of a process and then be able to restore it from a certain timestamp? As in, the process is recreated in the exact same state as if &...
- 153
2
votes
0
answers
57
views
WinDbg Preview search is not returning results
I am attempting to manually unpack a malware sample. I am using the new WinDbg Preview (only thing that is available to download now). After letting the malware call VirtualAlloc I am trying to search ...
- 131
3
votes
1
answer
140
views
A few questions about reloc tables and base memory
A friend and I are poking around with some 32-bit Windows binaries and wanted to get some info about relocation tables.
What is the difference between an exe that does not contain a relocation table (...
- 157
3
votes
4
answers
564
views
Reverse Engineering CTF help
I am having trouble figuring out this microcorruption challenge in the link below: https://microcorruption.com/debugger/Halifax
Basically, the 0x7f interrupt has been disabled so I must reenable it ...
- 141
2
votes
0
answers
198
views
How to decrypt data during runtime before executing and then encrypting it back
I was doing some research and came across the term protectors. From my understanding is they encrypt a file to be protected but run it without an issue. During its execution it is able to decrypt the ...
- 21