Skip to main content
Reverse Engineering

Questions tagged [address]

Ask Question

The tag has no summary.

51 questions
Newest Active Bountied Unanswered
4 votes
1 answer
136 views

Is ImageBase of a PE binary present in its PDB or can it only be retrieved from the binary? I have studied both Microsoft's PDB sources and LLVM docs without much luck finding it. In the DBI stream ...
mimak's user avatar
  • 577
1 vote
2 answers
749 views

I am trying to read the binary code in the text section of an executable game file (PE) programmatically but I don't know the start address and the end address of the text section. I am using C++/...
Lion King's user avatar
  • 269
-1 votes
1 answer
220 views

I am a novice for use ida pro and I do not know I change some settings that are maked left analyse address wrong.How I fix it?Thanks
moshui Z's user avatar
  • 1
1 vote
1 answer
934 views

I'm new to reverse engineering and I'm trying to get into using a disassembler - I've been using reclass for a while now. I was looking at IDA Pro and that was 7k euros so that was not an option. I've ...
Dankri jk's user avatar
  • 13
0 votes
1 answer
653 views

I encountered the following 2 instructions while reversing Tricore assembly: These 2 instructions load the final address: 0x804A9474. Where a global symbol resides. Is there a way to hint Ghidra the ...
toothpick's user avatar
  • 43
0 votes
1 answer
3k views

With the following command be correct in the following sequence? gdb-peda -q binary break main info registers
Alvin567's user avatar
  • 121
0 votes
1 answer
3k views

So I am wondering how can I get all sections and their info from a dumped PE file on the disk, using C++. I have the entire PE loaded on a buffer, the NT headers, and hopefully the DOS headers. I need ...
rafa_br34's user avatar
  • 28
1 vote
1 answer
1k views

I have this memory address 0F58F478 and this offset 5C. I'm using memory sharp and it works perfectly when I'm adding this number. IntPtr address = _mSharp.Read<IntPtr>(0F58F478, false) + 0x5C; /...
Sharki's user avatar
  • 153
2 votes
0 answers
556 views

I saw an interesting value in IDA at address 0xf8766; I want to view the value at that address. I debug an Android application with Frida, how can I put this address in Frida to watch this value? I ...
frida's user avatar
  • 41
2 votes
1 answer
7k views

Let's say there is a default base address for the application image on both IDA and Ghidra and it is equal to 140 000 000. If the function address is: 140 039 ea0 Does it mean that the offset from the ...
Irbis77's user avatar
  • 328
3 votes
1 answer
3k views

I have opened an executable with Ghidra, IDA and x64dbg (runtime). It seems that the address space in IDA and x64dbg is the same, but it is different from the one I see in Ghidra. When hooking through ...
Irbis77's user avatar
  • 328
1 vote
0 answers
142 views

I've never been able to access 0xf0000000 range using !db on local debug, and I've tried !db -m 00000000`fffffff0 and !db [uc] 00000000`fffffff0. I only get Physical memory read at fffffff0 failed. It ...
Lewis Kelsey's user avatar
  • 305
2 votes
1 answer
1k views

I am reverse engineering a very old LE MS-DOS binary and have convinced Ghidra that there are two segments in the file, one is the code segment and another one is the data segment. Now when I look ad ...
Jens Mühlenhoff's user avatar
  • 131
2 votes
1 answer
306 views

I am trying to rename a function address in IDA (free) and it says that the name I picked already exists in the database (Error Code: 8727B0) ... but the provided name does not show in the functions ...
David's user avatar
  • 121
0 votes
1 answer
207 views

Recently I work on Tricore Arch to reverse an algorithm. But I had a problem to find a constant value(4 byte). the line of code shown below: ld32.w d4, [a0]-0x68D4 I know a0 = 0xD00032E0 but ...
Unicornux's user avatar
  • 149

15 30 50 per page
1
2 3 4