Reverse Engineering Weekly Newsletter - Friday, May 29, 2015

Reverse Engineering newsletter

Top new questions this week: How do i make gnu as recognize all ARMV7 instructions? I disassembled an android library with IDA, and want to do some extra steps at the end of one of the functions. Currently, the last instruction bytes are BD E8 F0 8F, in thumb mode, which IDA ... arm opcodes   asked by Guntram Blohm 3 votes answered by Ian Cook 4 votes IDA Pro: Side effects or disadvantages of "Create function" Some instructions in a binary do not belong to a function, or, IDA does not manage to recover one. See for example the red addresses in the below screen shot. Yet, one can right-click such ... ida disassembly idapython static-analysis disassemble   asked by stackoverflowwww 2 votes answered by Guntram Blohm 3 votes Setting name of (newly created) functions via IDAPython Is there a way to specify the name of a function when creating it with idc.MakeFunction()? If not, what is the best practice to rename a function? I found idc.GetFunctionName(ea) but no counterpart ... ida idapython   asked by stackoverflowwww 1 vote answered by Jason Geffner 1 vote Initial ESP and EBP values (Windows x86) After PE loads into memory, sections are mapped depending on IMAGE_BASE value (assume there is no ASLR and it is always the same) and sections table. My question, how EBP value is determined (I ... x86 register   asked by ST3 1 vote Methods of discovering the location of nag/pop-up screens besides string search? I would like to remove a nag screen from a popular program. To do this I need to make sure the screen never gets called. So, the first task is to find the actual location of the nag (where it is ... ollydbg .net   asked by Nopslide__ 1 vote answered by Jason Geffner 2 votes Question about dwFlags and IDA (or any simple way to translate dwFlags) This is just a simple questions regarding the hex values passed as dwFlags and translating them to their actual meaning. I found this thread ... ida   asked by bboitano 1 vote answered by Sen 2 votes Load IE symbols in Immunity Debugger I know Immdbg already recognizes Windows internals function names, like kernel32.dll and user32.dll What I want is to load Internet Explorer symbols the same way WinDbg does. Does someone knows it is ... immunity-debugger debugging-symbols iexplorer mshtml   asked by jyz 1 vote answered by Extreme Coders 4 votes Greatest hits from previous weeks: Bypassing copy protection in microcontrollers using glitching The ATmega microcontrollers generally have two lock bits, LB1 and LB2. One prevents further programming, and the other prevents the flash being read back. If both are set, the chip needs to be erased ... hardware copy-protection   asked by Cybergibbons 32 votes answered by justsome 11 votes What are the targets of professional reverse software engineering? At the professional level, for what purpose is reverse software engineering used? What software is targeted and why? For reasonably complex compiled code that's doing something novel, making ... disassembly   asked by Praxeolitic 25 votes answered by joxeankoret 33 votes

Subscribe to more Stack Exchange newsletters Unsubscribe from this newsletter or change your email preferences by visiting your subscriptions page on stackexchange.com. Questions? Comments? Let us know on our feedback site. If you no longer want to receive mail from Stack Exchange, unsubscribe from all stackexchange.com emails. Stack Exchange, Inc. 110 William St, 28th Floor, NY NY 10038 <3