No specific Reverse engineering section

Networking/Security Forums -> Comments // Problems etc.

Author: ciel    Location: LYON ( FRANCE )    Posted: Sun Sep 18, 2005 11:49 am    Post subject: No specific Reverse engineering section
    ----
Hello,

There's no specific Reverse engineering forum in SFDC, although I've found this sticky post in the Programming section:

Basic Reverse-Engineering Explained

But I wonder if it wouldn't be more accurate to have a dedicated forum; I ask here for feedback.

When I made a search, I found a Win32-related reverse engineering post here:

Win9x/2k API hooking

What I mean is that with no RE section, posts can go to the Windows forum if it's Windows-related or to the UNIX/Linux forum; sometimes they go to the Programming forum or Crypto* forum, etc.
But they all deal with RE and share a common aim.

However, I'm perplexed about it and I'm not requesting one more forum; I'm not complaining.
I just want to know what you think about it.

Where is the boundary between Virus prevention/incident response and Virus analysis?
Imagine my system has got infected by a new virus which currently makes antivirus solutions impotent.
So I need to understand myself how it works, how to fight against it, etc.
If such an RE forum existed, where should I make my post?

Thanks for your feedback,

ciel

Author: Ipsec Espah    Posted: Sun Sep 18, 2005 12:10 pm    Post subject:
    ----
I would think they should just post it in the virus forum, but if we had a separate forum for reverse engineering I'm sure it would increase the amount of posts on the subject which would be cool. Well... as long as it wasn't too much into ASM so us non programmers could understand it better.

Author: alt.don    Posted: Sun Sep 18, 2005 3:34 pm    Post subject:
    ----
Hello ciel,

There are far too few questions asked about RE for it to merit its own section.

Author: zeedo    Location: Scotland    Posted: Sun Sep 18, 2005 10:05 pm    Post subject:
    ----
Quote:

Well... as long as it wasn't too much into ASM so us non programmers could understand it better.


What is the point of reverse engineering if you can't understand the code?

If you can't program, ripping a program apart seems a bit pointless.

Author: njan    Location: Scotland, UK    Posted: Sun Sep 18, 2005 11:14 pm    Post subject:
    ----
zeedo wrote:

What is the point of reverse engineering if you can't understand the code?

If you can't program, ripping a program apart seems a bit pointless.


Rubbish, not at all...

...and while we're at it, has anyone seen any books on repairing cars? Something nice and non-technical for all of us non-mechanics which doesn't refer to any of those silly components like carburetors, cylinders, engines, etc...

Author: Ipsec Espah    Posted: Sun Sep 18, 2005 11:21 pm    Post subject:
    ----
zeedo wrote:


What is the point of reverse engineering if you can't understand the code?

If you can't program, ripping a program apart seems a bit pointless.


Strings, google, baselines, filemon, regmon, handles, system state monitors, VMWare, nmap, etc. You can still understand a lot about how a program works. You just can't fully understand it without knowledge of ASM. Maybe it uses some anti-reverse engineering techniques such as checking to see if it is being run in VMWare. You wouldn't know that unless you reverse engineered it.

Author: zeedo    Location: Scotland    Posted: Sun Sep 18, 2005 11:32 pm    Post subject:
    ----
Quote:

Strings, google, baselines, filemon, regmon, handles, system state monitors, VMWare, nmap, etc.


I didn't ask how to monitor what a program does, I said what is the point of reverse engineering if you don't know how to code.

The things you mentioned monitor a program's behaviour and can aid in reverse engineering. Reverse engineering itself is trying to rebuild the code or to figure out ALL possible program flows. Doing this without understanding how to code would be both very difficult and of questionable benefit.

Quote:

Maybe it uses some anti-reverse engineering techniques such as checking to see if it is being run in VMWare. You wouldn't know that unless you reverse engineered it.


That makes no sense at all to me, can you please clarify what you mean. It has no bearing on my question from what I can make out.

Author: Ipsec Espah    Posted: Sun Sep 18, 2005 11:56 pm    Post subject:
    ----
zeedo wrote:


I didn't ask how to monitor what a program does, I said what is the point of reverse engineering if you don't know how to code.

The things you mentioned monitor a program's behaviour and can aid in reverse engineering. Reverse engineering itself is trying to rebuild the code or to figure out ALL possible program flows. Doing this without understanding how to code would be both very difficult and of questionable benefit.

That makes no sense at all to me, can you please clarify what you mean. It has no bearing on my question from what I can make out.


It depends on the definition. According to the IEEE it "is the process of analyzing a subject system to identify the system's components and their interrelationships and to create representations of the system in another form or at a higher level of abstraction." It doesn't have to be all possible program flows. Often the tools I mentioned earlier are enough to understand what a program does well enough for me and many others. Although you can never be 100% sure unless you know assembly and reverse all program flows like you said. That's what I was getting at when I mentioned VMWare and anti-reverse engineering techniques.

Author: alt.don    Posted: Mon Sep 19, 2005 12:18 am    Post subject:
    ----
For me it all comes down to varying degrees of competency. You will have your uber reverse engineers, i.e. exploit developers, and you will have a wide swath of people like myself who can understand source code, but cannot realistically replicate it. Much like any field of endeavor you will always have people of varying skills in a specific subject matter. IMHO both Zeedo and yourself Ipsec Espah are correct, you are merely defining various levels of skill.

Author: zeedo    Location: Scotland    Posted: Mon Sep 19, 2005 7:47 am    Post subject:
    ----
Quote:

It doesn't have to be all possible program flows. Often the tools I mentioned earlier are enough to understand what a program does well enough for me and many others. Although you can never be 100% sure unless you know assembly and reverse all program flows like you said. That's what I was getting at when I mentioned VMWare and anti-reverse engineering techniques.


Fair enough.

Sounds good to me - I just never considered there would be any worth in knowing roughly how a program works, but I can see your point. I do this with other technologies all the time, i.e. "I know enough about how X works to figure out the details if it becomes important to what I'm doing".



All times are GMT + 2 Hours