
Questions tagged [x86]

A family of instruction set architectures originally based on the Intel 8086 CPU that functions with a very wide array of operating systems, including Windows, MacOS X, Linux, BSD, and Solaris.

0 votes
0 answers
27 views

I'm trying to reverse engineer an old embedded system that has a NEC v40 on it, which is very similar to an 80186 (more like 80188) I guess. As a member of the x86 family, it has a separate I/O memory ...
andrejr's user avatar
  • 101
0 votes
0 answers
59 views

I have a display from TurzX where I can display CPU, GPU, etc info. I want to show the DLSS version and preset in the display. The reason for this is I just want to disable the in-game DLSS overlay ...
Aimkiller's user avatar
  • 101
0 votes
1 answer
201 views

Given this classic helloworld.c example, #include <stdio.h> int main() { printf("Hello world!\n"); } Under normal circumstances, a compiled EXE file consists of several sections, ...
wqte45's user avatar
  • 1
1 vote
1 answer
132 views

How can I attach into an x86 process from windbg? Currently I am waiting for the process to load, then I am breaking into wow64cpu!KiFastSystemCall to switch into x86 context and only then put bp to ...
Michael's user avatar
  • 13
0 votes
0 answers
94 views

In fastcall functions, the callee cleans the stack and returns the value in eax. This completes the function call. And actually we put first two arguments in ecx and edx, still caller cleans stack 8 ...
benoyum's user avatar
1 vote
1 answer
138 views

I am developing an application integrity concept tool that performs integrity checks based on a comparison of Windows syscalls in a static PE file on disk to those loaded. Can I match the offset of ...
Shockmeister's user avatar
1 vote
0 answers
98 views

I'm searching for software that is capable of decompiling x86 code into C-like code and running a debug session within it with the possibility to see the content of the variables. That above was a quick ...
Alby87's user avatar
  • 111
1 vote
0 answers
204 views

How to extract all syscalls from analysing a statically linked binary. I have a script written using angr (latest - v9.2.78) but when I start my script I get few syscalls and the analysis is like hung ...
0x4E4F4F42's user avatar
0 votes
0 answers
177 views

Let's say I have an ".exe program" and I want to disassemble it and get "disassembled code". My question is => can I maintain and organize that "disassembled code" ...
0x00001F's user avatar
2 votes
1 answer
245 views

The documentation for the Windows Debugger API mentions a debug event called RIP_EVENT. It offers little explanation of what a RIP_EVENT is, only stating that the structure "contains the error ...
tomysshadow's user avatar
2 votes
1 answer
224 views

Consider x86 16 bit mode instruction: $ echo 66 EA 66 55 44 33 22 11 | xxd -p -r | ndisasm -b16 - 00000000 66EA665544332211 jmp dword 0x1122:0x33445566 I thought 16 bit code jumps work by combining ...
Uprooted's user avatar
  • 185
4 votes
0 answers
162 views

Sometimes, I see how someone puts on GitHub some reverse engineering project for some famous game. By researching these projects, I come to the conclusion that people just took the code from ...
2 votes
1 answer
90 views

I am a newbie in the world of RE. I started to explore the main entry of a classic game from the 90's and I started to see something that confuses me as a newbie: this main entry function starts with pushing stuff to ...
0x00001F's user avatar
2 votes
1 answer
191 views

I am new to assembly. When I was disassembling some code, I encountered a strange instruction here. The instruction shows that (RBP + -0x40) is equal to local_48, however at the beginning of the code,...
Pytai's user avatar
  • 23
3 votes
1 answer
151 views

I'm going through the book Practical Malware Analysis (specifically, Lab07-03) and I've been stuck on a rather simple problem. I've divided the code section of main() into three parts to ease my ...
smellyourbooks's user avatar
1 vote
1 answer
166 views

Recently I have been given a set of assembly instructions which I must learn to understand. I know an extremely basic level of x86 assembly but I'm starting to come across more nuances that are very ...
guest1's user avatar
  • 13
4 votes
1 answer
332 views

IDA's default x86 assembly syntax is not very clear about pointer dereferences. One of these is dereferencing the memory operand, and one is simply moving the address to the register: mov ecx, ...
thejoelpatrol's user avatar
2 votes
1 answer
1k views

I do not understand the usefulness of the "far call" instruction in a 86 CPU. On a 32 bits CPU for example each process has an addressing space of 4Gb (0x00000000 to 0xFFFFFFFF). There can ...
Bob5421's user avatar
  • 787
0 votes
1 answer
87 views

Note: The uninterrupted disassembly is at the bottom. Hey, I'm looking at the assembly and I'm trying to reverse engineer the function. Here, it seems like we are saving the previous rbp. Though, it ...
Happy Jerry's user avatar
3 votes
1 answer
970 views

I'm a bit rusty and trying to analyze a piece of code in x32dbg. As follows: 0627BF49 | 8B0B | mov ecx,dword ptr ds:[ebx] | 0627BF4B | 8B85 CCF5FFFF ...
throwawayn000b9999's user avatar
2 votes
0 answers
98 views

I am currently working on a deobfuscation tool for a Windows Driver (which is obfuscated). I am using Capstone to disassemble and Unicorn to emulate. I have run into a weird issue where the indirect ...
Ayyware's user avatar
  • 41
4 votes
2 answers
2k views

I have a Gigabyte G41MT-S2PT motherboard with Intel core 2 Pentium processor installed on it for test. I decided to disassemble its BIOS code. Its BIOS is produced by Award Software International and its ...
Farshid's user avatar
  • 41
6 votes
4 answers
4k views

I am a complete noob in reverse engineering, and I've just started to learn it. Now I have this question in my mind: does a reverse engineer use any computer architecture knowledge for doing his/...
Sirius Black's user avatar
0 votes
1 answer
108 views

Given the opcode 80 3d 1d b0 09 00 00. The corresponding capstone instruction is <CsInsn 0x66a4 [803d1db0090000]: cmp byte ptr [rip + 0x9b01d], 0> and has the following properties (c_i being ...
langlauf.io's user avatar
  • 1,570
1 vote
1 answer
189 views

Challenge #64 What does this code do? An array of array[x][y] form is accessed here. Try to determine the dimensions of the array, at least partially, by finding y. _array$ = 8 _x$ = 12 _y$ = 16 _f ...
Nicholas Humphrey's user avatar
