All Questions

2 votes
0 answers
85 views

The execution is not at AddressOfEntryPoint after patching .text section bytes

I have a shellcode and want to inject my shellcode into a PE file (a simple compiled C program that prints Hello World on the screen). My shellcode size is 0x2a1 and the .text section of my PE file ...
Hossein Ahmadi
2 votes
1 answer
153 views

What is the latest research in reverse engineering?

I am searching for research papers related to reverse engineering between 2020 and 2022 but did not find good papers with the latest research in the direction of reverse engineering. So, what are the latest ...
i_am_learning
1 vote
1 answer
597 views

What is the physical address in a PE reader?

What is the physical address in a PE file? I searched the Microsoft website's article about PE files and haven't found anything.
Loliconaoquadrado
0 votes
1 answer
892 views

Restoring an Infected appending virus EXE file by

I'm trying to restore a file that was infected by a virus (gaelicum or tenga). It's an appending virus. This is the warning I get when opening it in OllyDbg: --------------------------- Entry Point ...
BingBang32
2 votes
0 answers
5k views

Invalid Win32 application/Not a valid Exe

I am currently trying to reverse a program that is in EXE format, and I believe it was written and compiled with Microsoft Visual C++ 2010. The end goal is to map the executable's functions, and find a method to ...
RandomHash
0 votes
1 answer
140 views

How does the same executable run on different OS and hardware types?

I was playing around with Intel Pin and OllyDbg. And now I came up with the next question. Imagine we have a PE32 executable that is able to run on both Windows 7 and Windows 10 (or any other versions ...
aGGeRReS
  • 124
1 vote
0 answers
201 views

Modifying PE file data section [duplicate]

I am a bit new to RE, so forgive me any weird or stupid questions. The app that I am currently working on has strings I need to modify in the .data section. That's why OllyDbg doesn't allow me to copy ...
blondkarol
1 vote
1 answer
1k views

How do you calculate Address Start / Size of PE Section like .rdata / .data

I want to clone OllyDbg's functionalities in VB6, so I could write my own tools more easily than using its scripting engine. I started off with trying to map the memory map's addresses exactly the same ...
SSpoke
  • 759
7 votes
2 answers
5k views

How to fix a memory dump of a DLL - so I can dynamically reverse it using Olly \ IDA

I need to analyze a memory dump of a malware module; unfortunately the sample is not the original DLL, but the dump of the DLL from memory. Now fixing the section headers is fairly easy - I just ...
0xAK
  • 668
1 vote
2 answers
3k views

Debug a .dll compressed with PECompact

I am trying to load a DLL in IDA and OllyDbg, but it says the file is compressed. I checked with a couple of tools and came to know that the file is compressed with PECompact. I think it also has ...
ASHUTOSH
  • 203
5 votes
1 answer
4k views

Why was my memory breakpoint not triggered in OllyDbg?

I am currently battling this protection on a 32-bit executable. At some point during its runtime, the protection gets the address of DbgUiRemoteBreakin and writes a JMP to ExitProcess as an anti-...
farmdve
  • 181
7 votes
2 answers
2k views

OllyDbg target runs automatically

I have a target that automatically runs after I load it into OllyDbg. This form doesn't stop at the entry point (but continues to execute and at a point it pauses, I have to press Shift+F9.) Is ...
Arunabh Ray
8 votes
3 answers
2k views

Ripping/pasting code into an executable using Olly

I'm working with some x86 assembly code and I need to rip from one executable and paste that code into another. Originally, I had an executable that was meant to accept two command line parameters and ...
Fewmitz
  • 1,022