1,681 questions
0 votes · 1 answer · 37 views
Disassembly view in Xcode: how can I symbolicate a function's address?
In Xcode, I set a breakpoint to a function which is a part of an iOS framework and the disassembly view showed up. All function calls except one (0x1bb286280) were symbolicated (i.e. Xcode showed the ...
2 votes · 0 answers · 68 views
Bypassing C64's PETSCII to screen code mapping
In upper-case mode, the C64 PRINT ASC("A") prints 65 - the ASCII/PETSCII code.
But POKE 1024,65 prints the shifted A character. PRINT CHR$(65), however, prints the proper 'A' character.
With ...
2 votes · 1 answer · 96 views
Why is there a "RETF 4" at the end of the disassembled function?
I'm disassembling the old 1989 Borland tool TDSTRIP.EXE that can extract Turbo Debugger information from executables and stumbled over this path-normalizing function.
This is the signature I'm using ...
0 votes · 0 answers · 81 views
Disassembling multiple files in IDA Pro using Python
I am quite new to IDA Pro. I am trying to disassemble multiple .exe files and save the assembly code as .asm files. I tried to write a Python script for that. But I don't know how to load an .exe ...
0 votes · 1 answer · 449 views
How to Debug a Process Launched by Another Application with IDA
I'm learning reverse engineering with IDA Pro and debugging a launcher application (start.exe) that launches another executable (main.exe).
start.exe takes two inputs (call them X and Y), processes ...
3 votes · 0 answers · 90 views
Stack alignment and argument accessing in disassembly? [duplicate]
Kind note: This question does not relate to ARM assembly. I used the Android tag, and I am adding this for clarity.
I know how assembly works, but I am new to disassembly, especially accessing the ...
1 vote · 1 answer · 173 views
8086 memory to accumulator encoding: why do mov al, [absolute] and mov ah, [absolute] have different sizes?
mov al, [10] ; a0 0a 00
mov ah, [10] ; 8a 26 0a 00
After assembling the above 8086 assembly code using NASM, I noticed a length disparity in the resulting machine code (shown in the comments above ...
1 vote · 0 answers · 22 views
Disassembly output of data and rodata sections (x86_64, nasm) [duplicate]
I've been playing a bit with assembly for a while and I think I have an okay grasp on it. I can write simple things in it, and I can read it okay.
Now I want to try a bit of machine code.
So, I wrote ...
0 votes · 1 answer · 151 views
Assembly x86 to C [duplicate]
As I understand it the following assembly x86 code converts to something like this in C:
cplayground.com
#include <stdio.h>
void f(const int *arr, int length) {
char buffer[32] = {0};
...
3 votes · 0 answers · 154 views
How do I interpret xdata and pdata section to hand-write RUNTIME_FUNCTION and UNWIND_INFO for RtlAddFunctionTable?
I am trying to inject some assembly code at runtime to circumvent a restriction in my language's runtime (VBA). I was originally writing assembly by hand, compiling with the flat assembler fasm, but found ...
2 votes · 1 answer · 134 views
How to determine default operand size for instruction decoding x86-64
I am currently trying my hand at writing a program that decodes x86-64 instructions into assembly, but I am stuck on determining the default memory/register operand size when dealing with instructions ...
1 vote · 0 answers · 183 views
Is there any way to get the thumbnail from the sai2 file?
For example, you can use some means to parse psd files and export them into image files, but how does PaintTool SAI2 get the thumbnail?
I tried x64dbg and IDA Pro to debug sai2.exe and got the folder C:\...
0 votes · 1 answer · 107 views
Listing imported functions from a Windows PE file
I am trying to recover the imported functions from a PE file. The code looks for call instructions in the disassembled .text section and then checks the call destination address against the function ...
0 votes · 0 answers · 117 views
Recover a corrupted pickle file
I have a corrupted pickle file. I follow this to try to recover my file: how to read corrupted pickle file
I read and try to understand how the file works to complete the file and as a result, I ...
1 vote · 0 answers · 114 views
How to turn C code into assembly code that a disassembler would produce, using GCC?
I want to learn assembly so I can reverse engineer disassembled programs eventually. I figured it would be best to learn C with assembly side by side.
I know now that there are different stages ...
1 vote · 1 answer · 96 views
Linux kernel printk disassemble
This is in continuation of an existing SO post here.
I have the following function in a dummy kernel module for x86_64 platform.
static void dummy_function_1(int arg1, char arg2) {
printk(...
0 votes · 0 answers · 68 views
How can an address that receives bytes through movs transfer bytes to another address that receives bytes through movups
Memory Viewer
I need to assign the value of the upper address to the lower one, but they have different commands, the first one has movups, and the second one has movss
I have this code in an auto-AOB ...
0 votes · 0 answers · 99 views
How to dynamically get operands from an instruction in memory in C++
I'm trying to read an instruction from another process's memory and get the operands dynamically. For example, if the instruction is MOV, how can I know that it has 2 operands?
The process is x64
I tried ...
0 votes · 2 answers · 110 views
Can somebody help me understand this piece of x86 assembly?
I need to convert a piece of code to SIMD using intrinsics.
So I first looked at the disassembly of the non-SIMD code.
And I see that the compiler seems to do some tricks I do not understand.
This ...
2 votes · 0 answers · 113 views
Instructions sub $0x8,%rsp, add $0x8,%rsp at the end of every single program
Every single program I've disassembled (except for libraries) contained this at the end
Disassembly of section .fini:
0000000000002f58 <.fini>:
2f58: f3 0f 1e fa endbr64
...
-4 votes · 1 answer · 160 views
Assembler CMP ESI, -20: Why is dword ESI compared to a byte? [duplicate]
76EB750D 83FE E0 CMP ESI,-20
76EB7510 0F87 AD000000 JA msvcrt.76EB75C3
Why is dword ESI compared to a byte?
If ESI equals FFFFFFF0 then the jump is performed. If ESI equals FFFFF0F0 ...
1 vote · 1 answer · 157 views
Understand strange code found in ReadOnlyMemory<T>
I looked with IL disassembler into the code of the Length property of the ReadOnlyMemory struct (.NET 461) and found this strange code:
public int Length => this._length & int.MaxValue;
what ...
1 vote · 1 answer · 168 views
Mysterious ARM Opcode
In decompiling a hex file for a Texas Instruments ARM (Thumb 2) Cortex-M4f processor (CC2652RB), I have come across an opcode that I can't figure out.
What does "90 FF FF 00" do (maybe the ...
2 votes · 1 answer · 271 views
Why does this code speed up when function call overhead is added to the loop?
I have the following Swift code that takes an iteration count and another argument and performs some computation in a loop.
@inline(never)
func rawComputeAll(iterCount: Int, timeStep: Double) -&...
0 votes · 1 answer · 272 views
How does the movss opcode need to be interpreted?
I get this disassembly code in the Visual Studio IDE's debugger, from a C++ build:
From what I see on the movss instruction, it should be
F3 0F 10 /r MOVSS xmm1, xmm2 -- Merge scalar single precision ...