Questions tagged [functions]
A sequence of instructions performing a basic task packaged as a unit in a program.
112 questions
0 votes, 0 answers, 15 views
Ghidra: How to merge two functions separated by a few bytes which cannot be disassembled
I have a PowerPC RE project with a large function (about 3600 lines in decompile) which several times a day Ghidra by itself decides to split in two parts, since there are a few bytes it cannot ...
1 vote, 0 answers, 51 views
Transfer function names from IdaPro to x64dbg
IdaPro newbie question here: I have analyzed a Delphi executable with Ida and the function names and variables were "demangled" as in
.text:00000000008008AE loc_8008AE: ; CODE XREF: ...
2 votes, 1 answer, 120 views
IDA Pro - Determine if a function prototype is user-defined
I'm trying to determine - using IdaPython - if a function prototype is user-defined or has been automatically guessed / defined by IDA (i.e. without specific user interaction).
The flag is probably ...
0 votes, 0 answers, 83 views
Why is a function with 3 parameters decompiled as 9 parameters?
For a PowerPC binary with debugging symbols, the function signature is:
CrossProduct(VECTOR *,VECTOR,VECTOR)
It's correct as it matches the source code for an older version of the application:
void ...
2 votes, 2 answers, 140 views
Tracing all functions in executable conditionally, to find function of interest
I would like to alter the behavior of some executable (in my case, a videogame). One way of doing this is to hook function calls (e.g., a function like Player::ReceiveDamage) and adjust parameters/...
0 votes, 1 answer, 123 views
How to call unexported function in a third party DLL while having its PDB?
I'm new to reverse engineering and recently met with a problem:
I have the DLL and PDB of a debug version of a third-party module, but I don't have its source code. Now I want to write a piece of C++ code ...
0 votes, 1 answer, 79 views
Function return in machine code (by platform/compiler)
I am asking this question to gather a knowledge base. I know in x86-64, a machine code function can have only one function return, i.e., ret instruction. I know it can be compiler (GCC, clang, etc.) ...
0 votes, 2 answers, 364 views
Cutter shows addresses relative to stack but not rbp. How to change it?
Look at the first image:
Here what I get is var void *buf @ stack - 0x28.
But I'm watching a tutorial where his Cutter shows it like this:
var void *buf @ rbp - 0x20. How can I change Cutter to appear ...
1 vote, 0 answers, 166 views
Log functions called in IDA Pro?
When I run an exe in IDA how could I log which functions were called into a text file?
log.txt:
call func1
call func2
call func1
call func1
Not worried about indirect calls.
This is for differential ...
1 vote, 2 answers, 718 views
How can I jump to the start/end of a function in x64dbg?
I'm currently debugging a program using x64dbg, and I'm wondering how to quickly jump to the start or end (prologue/epilogue) of a function while I'm in the middle of it. I couldn't find this ...
0 votes, 1 answer, 143 views
Split function argument from IDA's hints
Suppose I have a function, I know that the first 4 arguments come with fixed registers.
_BYTE *__fastcall foo(__int64 a1, _QWORD *a2, unsigned int a3, char a4, _QWORD *a5)
For the fifth one, if I ...
0 votes, 1 answer, 571 views
Which command in WinDbg to use to display the struct in a function argument
The struct looks like this.
typedef struct _RTL_DYNAMIC_HASH_TABLE_ENUMERATOR {
struct _RTL_DYNAMIC_HASH_TABLE_ENTRY HashEntry;
struct _LIST_ENTRY* CurEntry;
struct _LIST_ENTRY* ChainHead;
ULONG ...
1 vote, 0 answers, 106 views
How to reverse an import function?
I'm reversing a Windows .sys file and an import function RtlLookupEntryHashTable appears in my target functions. I want to know the pseudocode of it. How to achieve this?
.text:00000001C00218C2 ...
0 votes, 1 answer, 331 views
How to speed up finding a function from pseudocode in IDA?
I have a function with the pseudocode of
__int64 __fastcall sub_7FF7067A01F0(__int64 a1, __int64 a2, unsigned int a3)
{
if ( qword_7FF709F91498 )
return (*(__int64 (__fastcall **)(ID2D1Geometry *...
1 vote, 1 answer, 117 views
Calling a function with a variable number of args from a proxy DLL
The program I'm messing with has built-in logging. Using a proxy DLL, I managed to activate it by calling the right functions from the real DLL. However, I got stuck at using the actual logging ...