Questions tagged [windows-10]

0 votes
1 answer
91 views

I have tried using some popular editors, like Sublime Text and Notepad++, to open an mp4 file and then copy its content. After copying, I added the mp4 extension to the newly copied file. As a result, the ...
QChí Nguyễn
0 votes
0 answers
71 views

I'm doing some vulnerability research against a Windows server application that serves some update files that clients can download. Using TcpView/netstat, I can see that there is an open port ...
BobNewby
0 votes
0 answers
86 views

I am analyzing some malware on Windows 10. I installed FLARE VM, disabled tamper protection and disabled the virus scanner in the registry. However, when I attempt to run malware, Windows is still ...
Jason Crosby
5 votes
1 answer
414 views

I was trying to look into the implementation of GetVersion function in kernel32.dll. I was surprised to see that the GetVersion thunk is issuing a jump to API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL::...
caramel1995
-1 votes
1 answer
220 views

I am a novice at using IDA Pro, and I do not know which settings I changed that made the analysis addresses on the left wrong. How do I fix it? Thanks
moshui Z
1 vote
0 answers
106 views

I'm reversing a Windows .sys file and an imported function RtlLookupEntryHashTable appears in my target functions. I want to know the pseudocode of it. How to achieve this? .text:00000001C00218C2 ...
anonymous bear
2 votes
1 answer
179 views

I wanted to perform static analysis on the Win32 function CreateFileW, so I loaded kernel32.dll using WinDbg and performed the command uf kernel32!CreateFileW. But I am seeing the following output ...
caramel1995
3 votes
0 answers
262 views

I'm trying to understand and patch the GUI in Microsoft Edge. When I look at the disassembly in 2 different debuggers (x64dbg and cutter), the API calls responsible for much of the GUI functionality ...
n0rmalguy011
2 votes
1 answer
462 views

I'm trying to "trace" (just setting breakpoint, step in, step over to know how certain things work) an application. But if the application enters suspended state by using breakpoint, every ...
Meigyoku Thmn
4 votes
1 answer
1k views

I'm dealing with a malware sample from a pentest that will only execute properly if the system is a member of the target organization's Windows Active Directory domain. Rather than standing up my own ...
Sean W.
3 votes
2 answers
1k views

There is a program that is possibly a RAT, and I would like to view the source code. After opening the .exe in dnSpy, I was able to tell that it was compressed with Fody-Costura. (https://github.com/...
Nqndi
0 votes
0 answers
1k views

Unzipped the ghidra application. When I run the .bat file I get the following message LaunchSupport expected 2 to 4 arguments but got 1 LaunchSupport expected 2 to 4 arguments but got 1 LaunchSupport ...
Amit wadhwa
1 vote
0 answers
89 views

I found some events in the Windows Event Log, and I was wondering which binary caused them. The event I am curious about is Event ID 27 from Hyper-V Hyper-V launch failed; the Hyper-V boot loader was ...
Marco
-1 votes
1 answer
2k views

I'm learning RE with x64dbg on Windows 10. It does not list a process in the running process list that I want to attach to. The process is running a 32-bit crackme application for learning. It was created ...
KiYugadgeter
2 votes
0 answers
155 views

I have a weird bug that causes this crap: There are plenty of dumb "solutions" a la "turn it off and on" but none of them work and/or are relevant, the shell apps simply refuse to ...
KreonZZ