Questions tagged [pe]
a file format for Windows executables, object code, DLLs, and more. Commonly found extensions of PE files include .exe, .dll, .ocx, .sys, and .scr.
44 questions with no upvoted or accepted answers
3 votes, 0 answers, 171 views
What in this modified PE file causes MsMpEng.exe to consume 4 seconds of CPU?
The relevant files for this question are here:
https://cubiclesoft.com/Unrelated/32_pe_msmpeng_test.zip
Contains a before and after DLL. This simple PHP script demonstrates the problem:
<?php
...
3 votes, 0 answers, 304 views
IDA: How to automatically resolve references to Imports in modules loaded manually?
Every time a program is loaded manually (allocating memory for the PE image, copying sections, resolving imports, relocations, etc.) I need to use C (define code) and P (create procedure/function) ...
2 votes, 0 answers, 85 views
The execution is not at AddressOfEntryPoint after patching .text section bytes
I have a shellcode and want to inject my shellcode into a PE file (a simple compiled C program that prints Hello World on the screen). My shellcode size is 0x2a1 and the .text section of my PE file ...
2 votes, 0 answers, 128 views
List of unsolved problems of reverse engineering
Decided to write out a list of still unsolved fundamental problems in the field of reverse engineering.
This means that today - there is no easy solution to these problems, or problems that can only ...
2 votes, 0 answers, 157 views
statically placing hooks on PE file's IAT
Recently I started writing my own PE library for C++, and wanted to implement static IAT/EAT hooking (basically hooking by patching the file instead of hooking at runtime). I managed to successfully ...
2 votes, 0 answers, 58 views
How to obtain import name from disassembled assembly
I'm trying to create my own tools for reverse engineering PE. I have some assembly code that I fetched from a clone of objdump for a program. Sometimes I see call instructions such as:
callq *...
2 votes, 0 answers, 85 views
Where can I find these compilers given in the Rich Header of a system BIOS file?
I am working on a project which deals with the BIOS file of a well known manufacturer.
I recovered the file from the disk partition which stores and uses the file in case BIOS is corrupted or its ...
2 votes, 0 answers, 265 views
What is the meaning of call ds:ApiName[registry*constant] in IDA .asm files?
I have a dataset of .ASM files generated by IDA (I don't have the corresponding file).
And there are a lot of calls like this:
.text:00637114 5F pop edi
.text:...
2 votes, 0 answers, 117 views
Patching a variable's type in an executable file
Let's say I have a program. In this program I have a variable named PacketSize of type Short. I want to change the variable's type to Int.
Now if I am able to locate this variable's location in the ...
2 votes, 0 answers, 5k views
Invalid Win32 application/Not a valid Exe
I am currently trying to reverse a program that is EXE format, and I believe written and compiled with Microsoft Visual C++ 2010. The end goal is to map the executable's functions, and find a method to ...
2 votes, 0 answers, 737 views
Debugging digitally signed executable
I'm having trouble debugging a win32 executable file under Windows 7. I've tried using ollyDbg and x64dbg: the former simply does nothing, while the latter complains with an "Error starting process (...
2 votes, 0 answers, 3k views
Unpacking Inno Setup installers with InnoExtractor?
I want to know how to use the application InnoExtractor to unpack/extract the files of Inno Setup installers. Some good tutorial/video to learn?
I get this application from here.
2 votes, 1 answer, 614 views
How to restore IAT?
I have the start address and the end address of the IAT.
Now I'm trying to restore the table/folder of it.
The start address is: E7C000
Thanks for helping
1 vote, 0 answers, 155 views
Inject a MessageBox to the PE file
I'd like to patch some Windows PE file to show just a simple MessageBox. Taking into account that the PE in question doesn't import the MessageBoxA function, if I'm right, all I need to do is to add ...
1 vote, 0 answers, 40 views
Is it possible for different dynamic memory addresses to share the same offset value?
I am currently using Cheat Engine to hack a game. I used the pointer scanner to find some pointers to the pistol ammo memory location. I then went to look for pointers to the shotgun ammo memory ...