Questions tagged [memory]
Part of the computer used to store data and code. Can refer to questions about, both, live memory investigation and ROM investigation.
237 questions
2
votes
1
answer
95
views
What happens to the remaining virtual address space after loading the VirtualSize of a section into the memory?
So I saw in the Microsoft docs the following stated regarding the PE section header:
VirtualSize: The total size of the section when loaded into memory. If this value is greater than SizeOfRawData, ...
- 23
0
votes
0
answers
100
views
cpu rk3588 can ddr memory training blob get reverse engineered?
https://www.collabora.com/news-and-blog/blog/2024/02/21/almost-a-fully-open-source-boot-chain-for-rockchips-rk3588/
My information is that only one file is
stopping the rk3588 from being able to run ...
2
votes
1
answer
90
views
MC6809 disassemble problem related to reset vector. Appears to stop Ghidra finding code
I have a late 1980s item of test equipment Electro-Metrics EMC30 rf emc receiver running a MC6809 processor. I am trying to use Ghidra to reverse engineer the binary code to assembler but I have ...
- 31
1
vote
0
answers
117
views
How to configure Ghidra Memory Map use Script API?
How to configure "Memory Map" for RAM image use Ghidra Script API? For example, here is Memory layout created by python script:
.text start: 0x80004000
.text end: 0x8079e4d0
.text length: ...
- 235
0
votes
0
answers
48
views
Change Mac address
I have read the NAND memory MT29F2G08ABAEAWP contents via the RT809F programmer from IP Camera,
when I have written the program (.bin) to the new NAND memory the Mac address and serial number of ...
- 1
1
vote
0
answers
64
views
Unknown string encoding
I'm new to reverse, my question may be stupid.
I am trying to reverse a function in the application that reads a string at the address and concatenate it to another
char[250] v30;
char[20] v31;
...
...
- 11
0
votes
1
answer
106
views
Buspirate_spi and flashrom opensource software
I have a question about buspirate_spi programmer and flashrom. I have a new Flash rom Boye BY25Q128AS similar to the winbond W25Q128.V in the flashrom list. How can I dump the data from this specific ...
0
votes
1
answer
151
views
Searching for a byte pattern and then hooking all instances of it using frida on iOS
I'm using a frida script to scan for a certain byte pattern when I launch an iOS app.
I can log each offset and confirm these are correct by also printing out the instructions at those locations and ...
- 187
2
votes
0
answers
157
views
UBIFS image weirdness [SOLVED]
So, I dumped old routers ubifs image from memory and apparently it can't be read or mounted, throwing errors like "missing block size" and "missing data" although I see in hexdump ...
3
votes
1
answer
280
views
Load process from memory dump
Are there any tools that can "record" the memory space of a process and then be able to restore it from a certain timestamp? As in, the process is recreated in the exact same state as if &...
- 153
2
votes
0
answers
67
views
WinDbg Preview search is not returning results
I am attempting to manually unpack a malware sample. I am using the new WinDbg Preview (only thing that is available to download now). After letting the malware call VirtualAlloc I am trying to search ...
- 131
3
votes
1
answer
178
views
A few questions about reloc tables and base memory
A friend and I are poking around with some 32-bit Windows binaries and wanted to get some info about relocation tables.
What is the difference between an exe that does not contain a relocation table (...
- 157
3
votes
4
answers
617
views
Reverse Engineering CTF help
I am having trouble figuring out this microcorruption challenge in the link below: https://microcorruption.com/debugger/Halifax
Basically, the 0x7f interrupt has been disabled so I must reenable it ...
- 141
2
votes
0
answers
236
views
How to decrypt data during runtime before executing and then encrypting it back
I was doing some research and came across the term protectors. From my understanding is they encrypt a file to be protected but run it without an issue. During its execution it is able to decrypt the ...
- 21
3
votes
1
answer
269
views
GDB breakpoint crashes at a correct memory location
I'm trying to debug binaries of a a firmware running Linux with no ASLR, binaries are not compiled with PIE either so I have no issue getting the memory locations.
So after including gdbserver in the ...
