Basic Reverse-Engineering Explained
Networking/Security Forums -> Programming and More

Author: Nathaniel Firethorn   Posted: Sun Jul 17, 2005 1:11 pm   Post subject:
A really n00b question:

Reversing looks like a lot of fun. I've done a bit of it, but with 1982-level tools on Apple ][ (never with the kind of tools available today.)

Is it possible to make a living at it (or part of a living) as a white-hat?

- NF

Author: HAVOK   Location: Spain   Posted: Wed Dec 07, 2005 8:11 pm   Post subject:
Nathaniel Firethorn wrote:
Is it possible to make a living at it (or part of a living) as a white-hat?

Yes, it is. For example:

1. If you work for an anti-virus company you will have to analyse viruses to see how they work. Part of this is done through disassembly / debugging.

2. If you sell anti-cracking software you will have to crack other people's protections to keep current (not very white-hat, but this is how this works).

3. You can find exploits for Windows by comparing and reversing an unpatched DLL with the patched one. This is legitimate work and there are some people who do this for money.

[EDIT=> 4: forensics]

Small comment on the tutorial:

I see you only mention W32DASM, but IDA is really much better, nothing to be with W32DASM. There is a free version of IDA for download at their website. The only diff with the commercial version is that the latter has a built-in debugger, but you can use Olly instead.

Author: vx   Location: norway   Posted: Mon Nov 13, 2006 10:26 pm   Post subject: where is the program
I did not find the program that the link was supposed to contain,
is it just me that is stupid?

Author: alt.don   Posted: Mon Nov 13, 2006 11:06 pm   Post subject:

You may wish to Google for Ollydbg and IDA Pro free version. Of the two I would go with Ollydbg.

You will also need the following tools/knowledge:

Hex editor: There are many good and free ones out there. Give it a Google

PE format: Become familiar with what it is as it will help you understand a Microsoft executable that much better, and also just how code gets mapped from physical memory to RAM.

ELF format: This is the format of Linux/BSD executables and will do the same as the above for you in terms of knowledge.

Programming knowledge: It is important to understand C, C++ and Assembler at a high level if nothing else. You don't necessarily have to be a full-fledged programmer to reverse but it certainly is helpful.

One of the simplest ways to start out is to code your "Hello World" program and then to disassemble it. That is a good and simple starting point.

The two above file formats are important to understand as they will also be most beneficial when you are looking at malware. Lastly, I will have an article series on reverse engineering for beginners going up on WindowSecurity soon. Keep an eye out for it.
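As an added example (not from any poster in this thread), the PE-format point above can be made concrete with a small parser: it walks the DOS header to e_lfanew, checks the PE signature, reads the COFF header and the section table, and translates an RVA to a file offset, which is exactly the disk-to-memory mapping a disassembler has to get right. The PE blob it parses is constructed inline and is not a real executable.

```python
import struct

COFF_FMT = "<HHIIIHH"      # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics

def build_sample_pe():
    """Constructed minimal PE-shaped blob for the demo: two sections, no optional header."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack(COFF_FMT, 0x14C, 2, 0, 0, 0, 0, 0x102)  # i386, 2 sections, EXECUTABLE_IMAGE|32BIT_MACHINE
    def section(name, vsize, va, raw_size, raw_ptr, flags):
        return struct.pack(SECTION_FMT, name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, flags)
    text = section(b".text", 0x100, 0x1000, 0x200, 0x200, 0x60000020)  # CODE|EXECUTE|READ
    data = section(b".data", 0x80, 0x2000, 0x200, 0x400, 0xC0000040)   # INITIALIZED_DATA|READ|WRITE
    return bytes(dos) + b"PE\0\0" + coff + text + data

def parse_pe(blob):
    """Return machine, characteristics and the section table of a PE file."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, blob, e_lfanew + 4)
    sec_off = e_lfanew + 4 + struct.calcsize(COFF_FMT) + opt_size  # section table follows the optional header
    if sec_off + nsec * 40 > len(blob):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, blob, sec_off + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "raw_size": f[3], "raw_ptr": f[4], "flags": f[9]})
    return {"machine": machine, "characteristics": chars, "sections": sections}

def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset, or None if no section covers it."""
    for s in sections:
        span = max(s["vsize"], s["raw_size"])
        if s["va"] <= rva < s["va"] + span:
            return rva - s["va"] + s["raw_ptr"]
    return None

if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print(f'{s["name"]:8} VA=0x{s["va"]:x} raw=0x{s["raw_ptr"]:x} flags=0x{s["flags"]:08x}')
    print("RVA 0x1010 ->", hex(rva_to_offset(pe["sections"], 0x1010)))
```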
