Skip to main content
Reverse Engineering

Questions tagged [static-analysis]

Ask Question

Static analysis is the analysis code without actually executing it. This is in contrast to dynamic analysis which executes the code.

223 questions
Newest Active Bountied Unanswered
1 vote
0 answers
53 views

So I am targeting an arm64 Mach-O dynamic library (.dylib), and I want to patch a specific objc method using nops. Here’s the view from binary-ninja: As you can see, the name of the method is ...
Rage Kill's user avatar
  • 11
3 votes
1 answer
161 views

I am studying binary lifting and the impacts of intermediate language representations. I have a binary that is an x86 PE file with a stripped header. I have many of these files so I need a more sample ...
Teijen's user avatar
  • 31
1 vote
0 answers
67 views

I am developing a static analysis automation tool to help me on CTFs. It would be nice for me to discover from where a certain argument of certain functions is coming from (does it come from a ...
gcsar's user avatar
  • 11
1 vote
0 answers
206 views

How to extract all syscalls from analysing a statically linked binary. I have a script written using angr(Latest - v9.2.78) but when I start my script I get few syscalls and the analysis is like hung ...
0x4E4F4F42's user avatar
  • 11
1 vote
0 answers
58 views

I'm patching an old game, and I want the retrieve the toggle fullscreen functionality it's supposed to have. In the menu, in the display tab, there is a disabled option of fullscreen mode that you can ...
Yair Derry's user avatar
  • 21
3 votes
1 answer
284 views

Finding the start of a function is sometimes obvious - for example if some part of the code has a call foo then foo must be a function. But what about finding the end of a function? I realize tools ...
Alex Shroyer's user avatar
  • 143
5 votes
1 answer
690 views

I'm working on a disassembly of an old DOS game. (Real old: 16-bit, real mode.) The bulk of the game is in a large resource file of mixed binary and data; the executable basically just loads a chunk ...
Peter Malamud Smith's user avatar
  • 51
1 vote
1 answer
166 views

Recently I have been given a set of assembly instructions which I must learn to understand. I know an extremely basic level of x86 assembly but I'm starting to come across more nuances that are very ...
guest1's user avatar
  • 13
2 votes
0 answers
139 views

I am using Ghidra to build the function call graph of a method in java and therefore I am analyzing the bytecode of java and when I read an "invoke" instruction I have to go back to the name ...
alelib's user avatar
  • 21
3 votes
0 answers
116 views

I've been looking for a capturebat alternative that will function on Windows 10 and 64 bit. I'm not interested in capturbat's network capabilities; rather, I'm interested in its capacity to capture ...
dakar111's user avatar
  • 31
2 votes
0 answers
61 views

I'm doing binary analysis based on Control Flow Graph (CFG). As I suppose to get the APIs from every block in the CFG. I'm finding it very difficult to do so using Angr as I don't have enough grip on ...
okokok hack's user avatar
  • 39
0 votes
1 answer
87 views

Note: The uninterrupted disassembly is at the bottom Hey, I'm looking at the the assembly and I'm trying to reverse engineer the function Here, it seems like we are saving the previous rbp. Though, it ...
Happy Jerry's user avatar
  • 101
1 vote
0 answers
121 views

I hope there is a proper way to fix my issue. Here's memory layout: .data:004F3D10 char * * gTownObjNames dd offset aMage ; DATA XREF: townManager::SetupTown(void)+245↑r .data:004F3D10 ...
mastermind's user avatar
  • 33
3 votes
1 answer
2k views

I got an assignment to analize an exe file with 97% entropy. It's obviously packed but I got no results from Protection Id or PEid about which packer it used... How can I unpack it if it's possible? ...
beytrod's user avatar
  • 33
2 votes
1 answer
606 views

I am a new master's student in CS. I am into the computer systems domain. I was just thinking of analyzing a statically linked binary to get a sort of database of system calls made in the binary and ...
Abhishek Ghosh's user avatar
  • 121

15 30 50 per page
1
2 3 4 5
15