All Questions
Tagged with pe decompilation
8
questions
4
votes
2
answers
2k
views
How can I get xrefs to class member variables in IDA?
I'm working on a decompilation of a windows PE (with its full debug symbols in a PDB) and I'm using IDA to help with it.
I want to know how I can get a list of all references to a given class member ...
1
vote
0
answers
35
views
How to tell when Cor20 starts for DLL's that are supposed to meet ECMA-335?
When I look at a .Net compiled DLL that is supposed to conform to ECMA-335, I see the PE Header well defined up to 0x1EF, but there seems to be block between 0x1F0 and 0x208 which is mainly 00's that ...
1
vote
1
answer
195
views
Static Offset in PE
I am making a crackme, that get's hexadecimal values and converts it to ASCII to get the password.
The problem is I use a part of code into the main function to search the opcodes from .text section ...
0
votes
1
answer
155
views
How can I tell if a virus was made by Russians? [closed]
I have been looking around quite a bit on the internet for something that could tell me more than basic section on a binary.
I have a PE file and usually I see just what compiled it (MSVS or GCC ... ...
2
votes
0
answers
3k
views
Unpacking Inno Setup installers with InnoExtractor?
I want to know how to use the application InnoExtractor to unpack/extract the files of Inno Setup installers. Some good tutorial/video to learn?
I get this application from here.
42
votes
8
answers
82k
views
Is there any way to decompile a .NET assembly or program?
Are there any tools available to take an already compiled .dll or .exe file that you know was compiled from C# or Visual Basic and obtain the original source code from it?
43
votes
3
answers
28k
views
Unpacking binaries in a generic way
I find that more and more often binaries are being packed with exe protectors such as upx, aspack etc. I tried to follow a few tutorials on how to unpack them but the examples are often quite easy ...
19
votes
4
answers
15k
views
Checking if an .exe is actually a .jar wrapped in an .exe
Let's say I have a .jar file and wrap it into a .exe using any number of free utilities out there, like JSmooth.
Would it be possible to tell, given just the .exe, if it was generated using one such ...