650 questions
0 votes, 0 answers, 103 views
IDA cannot apply patch to input file
I am using IDA Pro 7.7.
In the menu bar, Edit → Patch Program, the Apply patches to input file... option is missing.
Normally, there should be:
Change byte...
Change word...
Assemble...
Patched ...
0 votes, 0 answers, 66 views
ida pro produced asm.file
I'm using IDA PRO for disassembling certain retro games and I have encountered a problem I can't fix anyhow.
I can export the .asm file with the disassembled code but it seems like I can't export the ...
0 votes, 0 answers, 53 views
How to make IDA show negative offset in an address?
When disassembling a program, IDA has detected the instruction lea eax, [myvar_a+ebx+3] with this data:
myvar_a db 0, 11, 22, 33, 44
myvar_b db 55, 66, 77
Actually, the instruction should be lea eax, ...
0 votes, 0 answers, 21 views
How to make IDA 8.4 display NULL pointers in structs as valid (non-error)?
In IDA 8.4, when I define a struct in C syntax: struct mystruct { void *myptr; }, then I create a struct var with mystruct, and the value is 0, then IDA displays the pointer with red background, ...
0 votes, 1 answer, 449 views
IDA Pro 9.1 displaying wrong values of local variables in locals window
Could you please advise on how to resolve the issue with variable display in the Locals window during debugging?
When execution is halted at a breakpoint at the beginning of a function, the variables ...
1 vote, 1 answer, 117 views
why is there a "RETF 4" at the end of the disassembled function?
I'm disassembling the old 1989 Borland tool TDSTRIP.EXE that can extract Turbo Debugger information from executables and stumbled over this path-normalizing function
This is the signature I'm using ...
0 votes, 0 answers, 85 views
IDA Pro: Assembly Patching - Stack Manipulation for Non-Local Access
In IDA Pro, I'm trying to patch assembly to manipulate the stack/display array and allow a function to access non-local variables from an outer scope.
My core question: How to calculate the correct ...
2 votes, 1 answer, 395 views
Find function name in Frida
I open binary file with Ida and see function name called send_packet.
I tried to hook this function with frida
Module.findExportByName(null, "send_packet")
Or
Module.findExportByName("...
2 votes, 0 answers, 340 views
How to force ida use only one pseudocode tab
When I'm debugging an executable in ida, every time when I press F7 to go inside the function, ida opens new pseudo code tab.
After 20-30 minutes, there are around 30 pseudo code tabs open, and this ...
1 vote, 1 answer, 98 views
Using WinRT Interface in Python
ref: ISystemMediaTransportControlsInterop
I compiled a dll about ISystemMediaTransportControlsInterop::GetForWindow.
I use IDA to decompile it.
Then I wrote the C-like code as Python.
I believe that I ...
0 votes, 0 answers, 106 views
Disassembling multiple files in IDA Pro using Python
I am quite new in IDA Pro. I am trying to disassemble multiple .exe files and save the assembly codes as .asm files. I tried to write a Python script for that. But I don't know how to load an .exe ...
0 votes, 1 answer, 643 views
How to Debug a Process Launched by Another Application with IDA
I'm learning reverse engineering with IDA Pro and debugging a launcher application (start.exe) that launches another executable (main.exe).
start.exe takes two inputs (call them X and Y), processes ...
0 votes, 0 answers, 215 views
How to prevent IDA 8.4 from switching arm disassembly from thumb to arm modes on every instruction step
I am trying to debug a cortex-m0+ code using IDA, but on each step of code the debugger switches the disassembly from thumb mode to arm mode on its own.
I can't find any relevant option in IDA that ...
1 vote, 0 answers, 253 views
Ghidra and IDA addresses not aligned
I'm loading the same binary to both ghidra and IDA. When looking at main(), here's what both of them show:
ghidra
undefined main()
undefined AL:1 ...
0 votes, 1 answer, 106 views
What does "0010 ^0.16 ___u8_ iv;" in Hex-Rays IDA Pro mean?
I want to get the parameter's value when function called, when I open the program with IDA and hover on the function name I got the message like this: 1: 0008 rsi libsm::sm4::cipher_mode::...
1 vote, 0 answers, 786 views
Modifying iOS Binary with IDA and Repackaging as IPA
I'm new to reverse engineering and could use some guidance from the community. I'm trying to modify a string in an iOS binary using IDA Pro and then repackage it into an IPA file for installation on ...
3 votes, 1 answer, 369 views
What Does the "Arguments" Field in the Functions Tab of IDA Represent?
I want to efficiently find specific functions in IDA Pro by using the "Arguments" value in the Functions tab. However, for the following code examples, which were obtained from IDA ...
1 vote, 0 answers, 156 views
IDA: Invalid Operand when use 64bit instead of 32bit
I use IDA to modify the .exe of a game. I found the section where a limitation of 999.999.999 is given, but I'd like to change to higher limit at best to a 64bit value. My issue is that IDA returns ...
0 votes, 2 answers, 860 views
How to view stdout in ida debugger
I have a program that prints to stdout.
I've stepped through the print calls with the debugger in ida-free but I can't find a view where I can see that output.
0 votes, 1 answer, 163 views
How to find an unused variable in IDA?
I have a very simple program that declares a few variables and prints Hello!
I tried to find where the unused variables are stored in the IDA like I found the Hello! (by clicking the lea rcx, ...
1 vote, 1 answer, 148 views
I can't find a piece of data in IDA
I have this book I have to read for school and there's this exercise to create a program in Visual Studio in C language that prints "Hello!" and insert it into IDA. Then you need to find ...
0 votes, 1 answer, 167 views
IDA Free truncated strings?
I'm trying to analyze a game in IDA Free. I see some weird behaviour that I don't understand how to fix. Why are these strings truncated? You can see that in the RIP-view that in the .rdata section ...
0 votes, 1 answer, 788 views
How can I change IDA global data type?
I am new to IDA and my IDA's version is 7.7.
I think it's quite difficult to read the data, especially for some struct with address:
IDA .data
It's very easy to know the next node is 0x0804c110 in gdb:...
1 vote, 0 answers, 87 views
IDA Pro Dataset Merger
Are there any resources for creating an IDA Pro merger API for merging datasets that, for example, have the same data but one had a struct and one has no struct, same structs but different naming ...
1 vote, 2 answers, 438 views
IDA Pro change color of variables in pseudocode
Very basic Ida Pro plugin that changes color of MyVar123 inside pseudocode window.
Problem is this approach is limited to using ida_lines.SCOLOR_... constants for color. How to define my own text ...
0 votes, 1 answer, 178 views
Disable generation of ALIGN directives
I use IDA for disassembly and ALIGN directives often appear in disassembly code, such as here:
ALIGN 0x10
off_8030680 DCD 0x200261D8
dword_8030680 DCD 0x20027D2A
Is it possible ...
1 vote, 0 answers, 120 views
How to get an array of custom-typed objects, returned by a function, with IDA Appcall
Let's assume we have a structure defined in local types:
struct Human {
char* name;
int age;
double height;
};
and the prototype of the function I need to call:
const Human**__fastcall ...
0 votes, 0 answers, 68 views
Seeking Expert Assistance for Compiling and Running IDA-Generated C Code
Although I'm not new to programming, I'm currently unfamiliar with C language specifics. I have a code snippet generated using IDA and I'm encountering difficulties in compiling and running it.
I'm ...
0 votes, 0 answers, 125 views
Edit hex to point to dword (Hex Patch Porting IDA)
Just for starters, I am new to IDA so I am very clueless.
I am trying to port a hex patch. Part of this patch is that it points to a dword; in each version the location of this dword changes, meaning the ...
0 votes, 1 answer, 872 views
IDA detects a file as both a Windows and an MS-DOS program
Okay, I have one rather suspicious file that is even taking some control over my PC. However, I need it, so I decided to decompile it and see if it was harming my PC and can I cut it out?
I've used a ...
0 votes, 1 answer, 176 views
How to find a sequence of bytes on the target program from my injected dll?
I'm developing a DLL that is injected into a process and uses some memory addresses. My idea is that my DLL finds and updates those addresses automatically, as I have the patterns and I can find them ...
2 votes, 1 answer, 610 views
"loading shared libraries " error, but the name is <garbled char>
I want to install IDA Pro for Linux(or IDA Free has the same problem) on my ARM64 Ubuntu 22.04 Virtual Machine, which utilizes Rosetta 2 for compatibility.
After spending considerable time resolving ...
1 vote, 0 answers, 168 views
how to change string to a longer string?
I am really new to IDA pro.
I tried changing hex but it messed up the whole thing.
I want to change a string "Hd-Player" to "pickheadless"
It's possible to change it using hex but it ...
2 votes, 0 answers, 511 views
Changing instruction that was misidentified in IDA Pro
I am trying to compare a source code to a disassembled version of a Sega Genesis (68000 processor) game. I ran the binary through IDA Pro to disassemble it, and when I was going through the code and ...
1 vote, 0 answers, 187 views
Bypass "il2cpp external wbarrier tracker"
Does anyone know what il2cpp_gc_set_external_wbarrier_tracker is and how to bypass it? Every time I hook my function, the application crashes (I'm sure it's because of this anticheat func, not because ...
0 votes, 0 answers, 555 views
IDA disassembler view of loaded DLL in process address space
I'm using IDA to understand the Wow64 subsystem on Windows 64. I loaded a 32 bit PE executable into IDA.
I'd like to view all the DLL loaded in the process's address space (there should be actually ...
0 votes, 0 answers, 167 views
Software copyright infringement
I've found a company in China selling a software that is clearly a copy of my own work. For context, this is actually a physical product that comes with a Ubuntu computer and the software pre-...
3 votes, 0 answers, 926 views
Decompilation error for IDA8.3 lumina SERVER
lumina: connect: connection failed because the destination computer denied the connection.
142089810: cloud: Server is not available
I cleaned up the registry and reinstalled it.
Does anyone know ...
0 votes, 0 answers, 2k views
How to debug a DLL in IDA Pro with 3 export functions
I have a 32bit DLL I am trying to debug. I set up my process options to use:
Application: "C:\Windows\SysWoW64\rundll32.exe"
Input file: the DLL I'm debugging
Parameters: "C:...\...
0 votes, 0 answers, 638 views
Why is function call terminating the debug process on IDA Freeware?
I am solving a Reverse Engineering capture the flag challenge where I have to find a flag in the format flag{thisistheflag}. Below is the link to a GitHub Repository that contains the given exe file ...
0 votes, 1 answer, 183 views
how I can read the value of this variable?
I'm doing some reversing homework and I often encounter some code that looks like this when dealing with classes, here is the pseudo code.
int __thiscall sub_858F90(_DWORD *this, int a2)
{
int ...
0 votes, 1 answer, 752 views
Patching binary with IDA
I'd like to patch some binary (Windows PE) by adding to the program code just standard windows MessageBox. The problem is that the original PE does not import user32 where the MessageBox function is ...
0 votes, 0 answers, 120 views
Find a free space in disassembled PE
I've disassembled some PE using IDA (PRO 7.5 SP3). Now I'd like to add some new code there (using patching). The question is how can I find some free space in this disassembled code to utilize it?
2 votes, 0 answers, 1k views
How to properly add a new code segment in IDA?
I'd like to modify (patch) some binary using IDA (PRO 7.5 SP3). I've added a new segment for my new code, implemented some function there and when I select "Apply patches to input file..." I ...
0 votes, 2 answers, 281 views
How to extend a function in disassembled code?
How can I extend/expand the code of a function in the IDA (PRO 7.5 SP3)? I'd like to add some new instructions to the existing function in the disassembled code. I know that there is a change function ...
0 votes, 0 answers, 650 views
Debugging a .so file, compiled by cython
I have a .so file that has some functions in it (about inferencing model of deep learning). The .pyx file accidentally got deleted during compile.
I imported it in my python code regularly. I want to ...
0 votes, 0 answers, 141 views
How can I convert DB DOS Assembly Bytes To A 256 Colour Bitmap?
I was really pleased to find the following post, on this Forum :-
Here is the Post Converting a 256 Colour Bitmap Image To DB Format
I would like to do the reverse of that.
Convert DB Bytes From a DOS ...
0 votes, 0 answers, 75 views
How a near jump computes an address in x86_64?
I try to understand assembly on Windows with the debugger IDA free.
For that, I compiled a C++ code:
#include <iostream>
#include <Windows.h>
int main()
{
SIZE_T size = 0;
...
0 votes, 2 answers, 376 views
How to determine unknown socket options?
While reverse engineering a so library designed for android, I saw following code lines for a tcp connection.
int v28[2];
v28[1] = 0;
v28[0] = 10;
setsockopt(socket_ref, 1, 21, v28, 8);
setsockopt(...
0 votes, 1 answer, 4k views
What are the differences between Cheat engine and other applications like IDA, Ghidra, and x64dbg?
I have used Cheat Engine to the point where I now understand how I can access memory in the program, how to view the assembly code, find pointers, use the debugger, etc. I have not used IDA, Ghidra, ...