All Questions
13
questions
0
votes
2
answers
849
views
What is the data at the start of the .rdata segment?
I've been doing some reverse engineering lately, trying to improve my skills, and came across the following bytes at the start of the .rdata segment.
Filename: C:/cygwin64/bin/xkbcomp.exe
Bytes:
70 D3 FD FF ...
2
votes
1
answer
266
views
Garbage Assembly Code Generation at random offsets
Recently I've been working on a project. The main purpose of the project is to generate statically undetectable PE samples. Where each time one generates a PE sample, each generated sample is going ...
1
vote
1
answer
597
views
What is the physical address on a PE reader?
What is the physical address in a PE file? I have searched the Microsoft website article about PE files and haven't found anything.
2
votes
1
answer
733
views
Pe 32 Add Export function Segment by Extending with dll or Patching pe
I need to add a new function inside the pe32 module.dll Export Table, in a dynamic way if possible (via extending with a dll) or by patching pe32 module.dll.
What can you suggest to solve this?
1
vote
1
answer
407
views
Adding a static variable to Windows DLL
I'm trying to patch a function in a Windows x86 DLL, however it turned out that I need a static variable to store some state that wasn't correctly preserved by the original executable across calls.
I ...
1
vote
1
answer
1k
views
How to embed PYZ.-00.pyz_extracted folder with entry .py file to generate exe file?
I have decompiled an exe using the pyextractor script and generated these files:
PYZ-00.pyz
PYZ-00.pyz_extracted
gui
pyi_rth_tkinter
pyi_rth_multiprocessing
pyi_rth_pkgres
pyi_rth_win32comgenpy
...
1
vote
0
answers
102
views
Set Breakpoint on ActiveX Property Being Set (No Symbols)
A program is loading a VB6-based ActiveX control that has several properties, for example ConnectionString.
The application is dynamically generating the values it provides at runtime, so it is not ...
2
votes
1
answer
223
views
How are __argc and __wargv globals exported from a 64-bit PE file compiled with Visual Studio?
I need to inject my code into a 64-bit process. I'm wondering, how can I access __argc and __wargv global variables once in the injected process?
Are they always present at a static/preset address?
-1
votes
1
answer
315
views
Where are the variable and its size stored inside a Windows executable file?
I am a beginner in reverse engineering. I want to understand where the variables and their sizes are stored inside a Windows executable file.
Somehow I am able to find the values of variables I ...
2
votes
1
answer
646
views
What does [esp+2Ch] point to?
I am analyzing a Windows executable file (PE format), probably written in Borland Delphi. The program starts with the following instructions:
pusha (1)
pushf ...
2
votes
1
answer
2k
views
Retrieving the contents of PE file sections
I am trying to get the contents of the .text section of a file (notepad.exe) using the following code:
#define SECHDROFFSET(a) ((LPVOID) ( (LPBYTE) a + \
((...
1
vote
2
answers
2k
views
Get the PE section address
I am studying an analysis paper about a trojan and there are the following assembly lines:
.text:004010D0 Get_PE_section_address proc near
.text:004010D0
.text:004010D0 arg_0 = dword ptr ...
0
votes
1
answer
772
views
How does WinLoad.exe load the rest of the operating system?
I have disassembled the file WinLoad.exe as a 32-bit PE for the i386 ISA, and I'll show some of the instructions whose purpose I do not get:
call 0x00408b6d <---
test al,al
je 0x0040109f
lea ...