I found that guarded_open_np function is used by libsqlite3.dylib to open database file. I had a look into sqlite3 open source, there was no such thing. So definitely Apple has modified it to use g...

I just want to know how I can change asm instructions in the IDA-view A: How to edit instructions(for instance: jnz to jmp)? How to insert new instructions(call func1, call func2 inserted to exis...

I made my changes using IDA but I don't know how to make the new file exe again

IDA pro, x64Dbg, olldbg & windbg are used to Reverse Engineering purposes (as a Dissembler) and debugging. What are the main differences between each?

I use hopper disassembler to disassemble iOS apps. It works fine for most of the apps. However today I just got curious to understand a banking app so I tried to disassemble it. So, I moved the ap...

Basically, I have a user mode program that calls kernel32.CreateProcessA() which internally calls kernel32.CreateProcessInternalW(). Within this function, I'm interested in what is happening inside...

I have recently been learning assembly, and decided to disassemble some of my own executables to study from. I've noticed online resources often reference esp and ebp, the stack and base pointer. I...

I'm trying to find a way to figure out in IDA which exports are data exports and which are real functions export. For example, let's have a look at Microsoft's msftedit.dll's export entries: Whi...

So usually when I debug with IDA I don't come across any issues; however, with this one particular process (which is 9.9 MB in size before modules) IDA insists it rebase every single time it starts...

I am attempting to patch a binary in IDA using the "Assemble" option, and every time I enter an instruction with some arithmetic to calculate the offset, I receive an Invalid Operand error. For exa...

I am using IDA Pro to disassemble a Windows DLL file. At one point I have a line of code saying mov esi, dword_xxxxxxxx I need to know what the dword is, but double-clicking it brings me to the...

I use IDA Pro Advanced Edition v6. But I can not find the strings window. Only the function window, IDA View-A, IDA Hex View-A, Structures window, Enums window, Imports and Exports window are prese...

Been googling this for a while but i can't find any documentation relating to this. I've been trying to learn ARM and have been looking at the compiled ARM assembly code for a simple calculator.c p...

I am trying to run idal64 (IDA pro) inside a screen session, but I receive this error: TVision error: Can not load libcurses.so Without libcurses can work only with xterm/linux Aborted (core dump...

In the disassembler and debugger IDA, is there any way to run the currently loaded binary with command line parameters? For instance, say I have the command /bin/ls and want to debug it as /bin/ls ...

I have IDA PRO 6.1 - (i am unable to install the latest version) I am trying to debug x64 application with bochs debugger or windgb. I did the following: installed Bochs-2.4.6 Installed both x8...

In my code, I am using idc.GetOpnd(ea,0) and idc.GetOpnd(ea,1) to get the 2 operands of an instruction. However, if its a call (or jmp) instruction, I am getting symbols like _perror and loc_8083BA...

How can I set all exceptions behavior to pass to application and not appear in debugger? I'm using IDA Pro 6.6 and WinDbg.

Below posted is my code. Help me out in understanding what the below code means: push ebp mov ebp, esp sub esp, 230h

Does IDA Pro have a memory mapping functionality similar to that in OllyDbg? If so, I can't find it. I know there is that skinny bar at the top of the screen showing where you are in the address sp...

Here is what I want to achieve. I identified a class which I defined as a struct to store class data. One of the methods of the class uses class-field as if it's pointer to vtable. int __thiscall ...

I am new to Ida and I need to use it to identify which functions within the executable call one of these. I am trying to find a way a packet is encrypted as a security exercise. Lets say I want to ...

From objc sources we can see that SEL is defined as typedef struct objc_selector *SEL; I have disassembly my dylib with idaq, and I did finde call of _MSHookMessageEx function, that is linked from...

I was analyzing some x86 binary and found the following instruction which I can not understand. Can someone please explain me following instruction? mov eax, large fs:30h I googled this, and it...

What function have short and large in this code portion? large is same as long dword? mov eax, ebx cmp [ebp+var_1], 0 jz short loc_413123 call sub_40341C pop large dword ptr fs:0 add esp, 0Ch