All Questions

0 votes
0 answers
42 views

Exe self-modifies strings searched in debugger

I'm studying a Windows binary file and while searching for some string I noticed the EXE modifies the searched string, e.g., if I search "This is a string", it's modified to "his is a ...
lopan's user avatar
  • 1
1 vote
0 answers
65 views

Wrong access .data segment

Preface I'm a PHP programmer, in my spare time I've been doing reverse work. Achieved good progress in the analysis game. But there was a big problem on my way. And now, more than ever, I need the ...
Blezigen's user avatar
0 votes
3 answers
300 views

What is the best way to change the call-graph of a PE file without changing its real behavior and without packing it?

What I want to do is take a PE file, extract its call-graph, and then inject a junk function in it, so for example by injecting a junk function inside of it, and changing a call instruction's opcode ...
OneAndOnly's user avatar
1 vote
1 answer
407 views

Adding a static variable to Windows DLL

I'm trying to patch a function in a Windows x86 DLL, however it turned out that I need a static variable to store some state that wasn't correctly preserved by the original executable across calls. I ...
Hai Zhang's user avatar
  • 111
1 vote
0 answers
336 views

Is there a way to generate a PE from a web assembly module?

I am in the process of analysing a large web assembly. I have the compiled .wasm file and using the tools available I can convert this to a .wat text representation. Currently, I am doing the ...
user27846's user avatar
0 votes
1 answer
129 views

Identifying code that accesses encrypted overlay in PE

I’m reviewing a malware sample that stores an encrypted PE file in its overlay. I’m attempting to identify in IDA pieces of x86 that may be responsible for accessing the overlay and performing the ...
Chuck's user avatar
  • 21
7 votes
2 answers
18k views

Import table vs Import Address Table

What's the difference between the Import Table and the Import Address Table?
Trey's user avatar
  • 427
-1 votes
1 answer
315 views

Where the variable and its size are stored inside a Windows executable file?

I am a beginner in reverse engineering. I want to understand where the variables and their size are stored inside a Windows executable file. Somehow I am able to find the values of variables I ...
Naveen prakash's user avatar
0 votes
1 answer
445 views

Create unprotected executable for program that decrypts itself at run-time dynamically? [closed]

Say I have a Windows executable that looks like a normal one, but actually has encrypted segments or blocks of code, and the way it calculates the key to decrypt itself at run-time is way hard for me. I'd like ...
Croll's user avatar
  • 163
2 votes
1 answer
974 views

Why does an exe's Import Table have two references to kernel32.dll (or any other dll)?

According to what I know, Import Descriptor table is made of an array of _IMAGE_IMPORT_DESCRIPTOR structures. There is one _IMAGE_IMPORT_DESCRIPTOR for every dll that is imported. I have an exe which ...
rebel87's user avatar
  • 391
8 votes
1 answer
1k views

Can I set entry point at code in PE headers?

If I set something like 0x00000040 (my code is located at this address), then the program crashes with this error: The application was unable to start correctly (0xc000007b) But if I jmp from the ...
edhoklorf's user avatar
7 votes
3 answers
4k views

Reverse engineering a VC++ video game

So I know x86 machine language and C++/C language. In the last weeks I've dedicated myself to learning Windows internals and especially the PE format. My target is retrieving the Tomb Raider The Angel of Darkness ...
sasho648's user avatar
  • 421