reverse-engineering

问题 Well, i am trying to get the baseadresses for Loaded OSX Dylibs in running Proccesses on run time since a longtime now. Ive dumped all attached Dylibs on runtime using dyld_all_image_infos after using task_info, got there name and ImageLoadADDRESS,mach_header and segment_command. But i can't get there Baseaddress On runtime.. Everything works great except that i'm confused on how to get the actual Baseaddress of the requested Image in runtime! Also my Magic number which i got after Getting

问题 I am trying to decode the post data sent to graph.instagram.com by the Android instagram app. The question is simillar to the one found here: Reverse Engineer HTTP request It seems that either the iPhone app handles this differently to the Android app or something has changed since that question was asked. I've captured the traffic using Burp and it seems the main data is now sent to IG as a .gz file: POST /logging_client_events HTTP/1.1 X-IG-Connection-Type: WIFI X-IG-Capabilities: 3brTAw==

问题 I am trying to decode the post data sent to graph.instagram.com by the Android instagram app. The question is simillar to the one found here: Reverse Engineer HTTP request It seems that either the iPhone app handles this differently to the Android app or something has changed since that question was asked. I've captured the traffic using Burp and it seems the main data is now sent to IG as a .gz file: POST /logging_client_events HTTP/1.1 X-IG-Connection-Type: WIFI X-IG-Capabilities: 3brTAw==

问题 Recently I disassembled a DLL (written in c/c++) and noticed that there are many "jump stubs" inside the code segment. These stubs do nothing but jump to a function inside the DLL. eg: jmp foo() jmp foo2() ... Why does the compiler (Visual studio 2012) include these function stubs inside the binary? Thanks! 回答1: Is there a big bunch of 0xCC bytes after all the stubs? If so, you're looking at code which has been compiled with incremental linking enabled (default for debug builds). When

问题 I wrote a simple C program and compiled it for 32 bit architecture. But when I ran it, I found unexpected results. #include <stdio.h> int foo(int n) { int sum=0; int i; if (n <= 1 || n >= 0x1000) return n; for (i=0; i<= n; i++) { sum = sum + i; } return foo(sum); } int main(int argc, char** argv) { int n; n = foo(200); printf("\n\n main about to return %d \n\n", n); return n; } ➜ wbench gcc -o test.elf test.c -m32 -fno-stack-protector -mpreferred-stack-boundary=2 -Wall ➜ wbench ./test.elf

问题 I wrote a simple C program and compiled it for 32 bit architecture. But when I ran it, I found unexpected results. #include <stdio.h> int foo(int n) { int sum=0; int i; if (n <= 1 || n >= 0x1000) return n; for (i=0; i<= n; i++) { sum = sum + i; } return foo(sum); } int main(int argc, char** argv) { int n; n = foo(200); printf("\n\n main about to return %d \n\n", n); return n; } ➜ wbench gcc -o test.elf test.c -m32 -fno-stack-protector -mpreferred-stack-boundary=2 -Wall ➜ wbench ./test.elf

问题 I am playing around with manipulating a binary's call functions. I have the below code: #include <stdio.h> #include <stdlib.h> #include <string.h> void myfunc2(char *str2, char *str1); enter code here void myfunc(char *str2, char *str1) { memcpy(str2 + strlen(str2), str1, strlen(str1)); } int main(int argc, char **argv) { char str1[4] = "tim"; char str2[10] = "hello "; myfunc((char *)&str2, (char *)&str1); printf("%s\n", str2); myfunc2((char *)&str2, (char *)&str1); printf("%s\n", str2);

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . Is there available an Eclipse plugin to decompile class files when source is not available (generate .java source code from .class files), something similar to what Resharper does for C# in VS.NET? Alternatively, is there a plugin which enables a friendlier view of the API of a class files than the default

问题 I just want to know how I can change asm instructions in the IDA-view A: How to edit instructions(for instance: jnz to jmp)? How to insert new instructions(call func1, call func2 inserted to existing code)? I know how to make dif files, I know how to apply the changes on my DLL, but how can I "make the difference"? How can I edit the code in IDA? I learned how to modify a DLL: Modify code(how?) Generate dif file. Apply the code modifications to the DLL with the dif file and a script. 回答1:

问题 How to detect whether the class from the jar file is extending other class or if there are method calls to other class objects or other class objects are created ? and then system out which class extend which class and which class called methods from which class . Im using Classparser to parser the jar . here is part of my code : String jarfile = "C:\\Users\\OOOO\\Desktop\\Sample.Jar"; jar = new JarFile(jarfile); Enumeration<JarEntry> entries = jar.entries(); while (entries.hasMoreElements())