Questions tagged [debugging]
Process of analyzing live programs through software (e.g. ptrace) or hardware (e.g. JTAGs) devices.
632 questions
0 votes | 0 answers | 18 views
Kernel object code coverage?
I research a kernel object (a .ko file loaded into the kernel) on Android aarch64.
Is there any way to get code coverage for a kernel object? That ko doesn't print any log to kmesg.
Maybe there is some way to ...
0 votes | 1 answer | 286 views
Code injection to system process(lsass.exe)
I allocated an RWX (PAGE_EXECUTE_READWRITE) memory region inside LSASS.exe (I tried an RX codecave), then wrote my shellcode there.
After that, I tried to execute my shellcode via NtQueueApcThread → ...
0 votes | 0 answers | 75 views
Bypass Update Prompt to Run Main Program
A piece of software called Android Utility v175 https://www.mfdl.io/
checks for an update before redirecting to the main program, so I wanted to bypass that update checking, or something like telling the software that ...
0 votes | 0 answers | 127 views
Problem with deobfuscating a .NET file protected with XerinObfuscator, Anti-dnSpy and Anti-Debug
I am trying to analyze a .NET file that I suspect is malicious. The file is protected by XerinObfuscator and also has Anti-dnSpy and Anti-debug protection. I tried to use de4dot to deobfuscate it, but ...
1 vote | 1 answer | 88 views
Modifying CreationFlags in CreateProcessA with OllyDBG2 with CREATE_SUSPENDED
I am trying to attach the OllyDBGv2 debugger to an external program that is created by CreateProcessA found in a win32-based binary, but I strongly suspect that the process is created/run and ...
1 vote | 1 answer | 73 views
Dynamic analysis of Android applications' interaction
There are two or even more Android applications that somehow interact with each other:
Application A invokes application B or sends a request to it directly or via a third application C. I don't have the ...
2 votes | 2 answers | 112 views
What's the best way or approach to debug a binary Linux library?
I've got a header file (I know the functions and have some documentation) and a .so file:
From a wrapper library and from context, I need to call "Connect", but it does not work, just fails ...
0 votes | 0 answers | 83 views
How to use reverse engineering to learn how Facebook sends messages?
I would like to know how I can use reverse engineering techniques to learn how Facebook/Messenger sends messages. I was analyzing my developer tools network tab, but couldn't find anything. Fiddler ...
0 votes | 1 answer | 93 views
Offset addressing
I'm writing a C-SKY (CK803S) processor module for IDA Pro, and a question arose about offsets in transitions: small ones are fine, but long ones lead to nowhere. From the documentation:
in code I ...
0 votes | 2 answers | 216 views
How can I debug if the program closes directly?
I'm trying to debug a game and it's closing under a few circumstances:
When debugging (solved by hooking IsDebuggerPresent to return false when called by the game)
When setting a memory/hardware ...
0 votes | 1 answer | 268 views
APK/Apktool: If I decompile and recompile the sources, the app does not start
I'm trying to reverse an apk but there is a strange thing that happens, probably something new for me, basically if I decompile only the resources (not dex files) and recompile it zipalign/sign, the ...
1 vote | 0 answers | 154 views
Got access to SWD, but I need to identify the chip
I was able to connect to the chip via SWD/openocd, but I can't figure out what chip it is (it says SM9PQ1 2322-52 on the chip; I googled but can't find anything). I'm hoping to download the firmware after I ...
2 votes | 2 answers | 168 views
What is the gdb command equivalent of bp MODULE_NAME+0x12345678 in WinDBG?
What is the gdb command equivalent of bp MODULE_NAME+0x12345678 in WinDBG?
I found this command useful to debug with ASLR (w/o disabling it).
0 votes | 1 answer | 96 views
IDA Pro: JDWP error: ABSENT_INFORMATION - Desired information is not available
I am trying to debug a dex file from an APK file in IDA Pro. I set some breakpoints when launching the activity. When I start the process, the application waits for the debugger. After some time, IDA ...
0 votes | 1 answer | 131 views
Trying to reverse an encrypter into a decrypter in C. Can't figure out what I'm missing
Goal:
Trying to reverse an encrypter into a decrypter that successfully decrypts.
This is the pseudo-code of the disassembled encrypting program. There are no function calls, and I've been able to somewhat ...
1 vote | 0 answers | 58 views
Retrieve functionality of a button - game patching
I'm patching an old game, and I want to retrieve the toggle-fullscreen functionality it's supposed to have.
In the menu, in the display tab, there is a disabled option of fullscreen mode that you can ...
2 votes | 2 answers | 274 views
Debugging of any x86(_64) executable producing strange results under Parallels + Windows on Arm
Recently, I have been experimenting with using an M1 (Arm64) Mac full-time for RE work, including Windows on Arm under Parallels with x86(_64) binaries. From several online sources discussing this use ...
2 votes | 1 answer | 243 views
Rename a program's button using x64dbg?
I'm trying to change the name of a button, but I can't find anything that references it. I looked for the CreateWindow function in the intermodular calls, but I only found a reference to the main ...
1 vote | 0 answers | 70 views
JEB Pro is not showing xrefs for native code (arm)
I have this problem when analyzing an arm shared object.
When working with IDA Pro, it finds all xrefs, but in JEB most of the xrefs are missing.
When JEB finishes, the final analysis lacks most of the xrefs. I ...
0 votes | 1 answer | 133 views
How to reverse a USB firmware patching tool for another device?
I have a USB device from a vendor (TRENDnet) that has the exact same chipset as a QNAP device with an available firmware patching tool.
It's my belief that this firmware patching tool should work ...
1 vote | 1 answer | 87 views
Should shell32.dll be in executable search path for winword.exe with WinDBG?
I'm threat hunting and I'm curious whether there should be a shell32.dll in the executable search path in WinDBG for winword.exe.
3 votes | 0 answers | 207 views
What is the best emulator/environment for android debugging?
I know the question smells like I want a ready-made solution, but I have been trying many things and, after a lot of headaches, I still can't do what I want.
There are fast emulators but they don't provide ...
4 votes | 2 answers | 342 views
Malware analysis - Debugger hangs at HttpSendRequestA
I'm reverse engineering a piece of malware that at some point tries to connect to http://api.ipify.org in order to get the IP address of the infected PC.
I was able to replicate this behaviour with a small ...
3 votes | 1 answer | 65 views
Can radare2 skip syscall when `db main;dts+;dc`
For more detail, see this.
In short, I want to skip a syscall when recording the program, but it seems that the program always stops after the syscall.
Hope someone can help me. Thanks.
Below is the running ...
3 votes | 0 answers | 277 views
PEStudio DLL analysis: flag in export section
I started using PEStudio for DLL analysis; I understand (more or less) everything except the "exports (flag)" section:
What does the X in the flag column mean? So, what is a/the flag?
...