Slashdot Mirror


Learning Reverse Engineering

TheBoostedBrain writes "Mike Perry and Nasko Oskov have written a very complete article about reverse engineering. It provides an introduction to reverse engineering software under both Linux and Windows."

21 of 211 comments

  1. Mirror by seanadams.com · · Score: 2, Informative

    Mirror here, just in case.

    What would we do without wget --recursive?
    1. Re:Mirror by Anonymous Coward · · Score: 2, Informative

      Here's another one. Please use it - I want to see the Slashdot effect in action.

    2. Re:Mirror by corran__horn · · Score: 3, Informative

      Actually, the admin has been nice enough to copy a page detailing the amount of traffic that the box has put out here, so enjoy the show, folks.

      --

      If people can connect to one another even the smallest of voices will grow loud.
      --Serial Experiments Lain
  2. whatabout truss/strace/ktrace? by multipartmixed · · Score: 5, Informative

    I can't believe they left out truss/strace/ktrace. Even without debugging symbols, these utilities can tell you what system calls are being called, when they are called, and what arguments are being passed.

    truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.

    --

    Do daemons dream of electric sleep()?
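    The point made above (system-call tracing shows what a stripped binary does, which calls it makes and with what arguments) is easiest to use when the trace is summarized rather than read line by line. The following is an added example, not part of the original thread or of the book under discussion: a small Python parser for strace-style output lines that tallies syscalls, pulls out the paths a program touched, the calls that failed, and the network endpoints it connected to. The sample trace, the `./mystery` binary name and every path and address in it are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed strace-style output (not a real capture); the binary, the
# paths and the 192.0.2.10 address (a documentation range) are invented.
SAMPLE_TRACE = r"""execve("./mystery", ["./mystery"], 0x7ffd2c0 /* 20 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0"..., 832)  = 832
close(3)                                = 0
openat(AT_FDCWD, "/home/user/.config/mystery.cfg", O_RDONLY) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
[pid  4242] write(4, "GET / HTTP/1.0\r\n\r\n", 18) = 18
exit_group(0)                           = ?
"""

# One line of strace output: optional "[pid N]" prefix (from strace -f),
# syscall name, argument list, "= return value" and an optional errno tail.
LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'(?P<name>\w+)\((?P<args>.*)\)\s*=\s*'
    r'(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\(.*\))?\s*$'
)
STRING_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')          # first quoted argument
ADDR_RE = re.compile(r'inet_addr\("([^"]+)"\)')
PORT_RE = re.compile(r'htons\((\d+)\)')

FILE_SYSCALLS = {"open", "openat", "execve", "stat", "lstat", "access", "readlink"}
NET_SYSCALLS = {"connect", "bind", "sendto"}


@dataclass
class Event:
    pid: Optional[int]
    name: str
    args: str
    ret: str
    errno: Optional[str]


def parse_trace(text: str) -> List[Event]:
    """Parse strace output into Event records; lines that do not look like
    a completed syscall (e.g. signal or 'resumed' lines) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid")) if m.group("pid") else None
        events.append(Event(pid, m.group("name"), m.group("args"),
                            m.group("ret"), m.group("errno")))
    return events


def summarize(events: List[Event]) -> dict:
    """Build a behavioural profile: syscall histogram, file paths named in
    file-related calls, failed calls with their errno, and network endpoints."""
    counts = Counter(e.name for e in events)
    files = []
    endpoints = []
    for e in events:
        if e.name in FILE_SYSCALLS:
            m = STRING_RE.search(e.args)
            if m:
                files.append(m.group(1))
        if e.name in NET_SYSCALLS:
            a, p = ADDR_RE.search(e.args), PORT_RE.search(e.args)
            if a and p:
                endpoints.append((a.group(1), int(p.group(1))))
    failed = [(e.name, e.errno) for e in events if e.errno]
    return {"counts": counts, "files": files, "failed": failed,
            "endpoints": endpoints}


if __name__ == "__main__":
    profile = summarize(parse_trace(SAMPLE_TRACE))
    for name, n in profile["counts"].most_common():
        print(f"{n:4d}  {name}")
    print("files:    ", profile["files"])
    print("failed:   ", profile["failed"])
    print("endpoints:", profile["endpoints"])
```

    To use it on a real program, run it in a throwaway VM with `strace -f -o trace.txt ./program` and pass the contents of `trace.txt` to `parse_trace`; the `-f` flag follows child processes and `-o` writes the trace to a file instead of stderr. The parser only recognizes completed single-line calls, which is what the default strace output produces; lines split by `<unfinished ...>` / `<... resumed>` are ignored rather than mis-parsed.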
    1. Re:whatabout truss/strace/ktrace? by Burnon · · Score: 2, Informative

      It's there:

      http://www.acm.uiuc.edu/sigmil/RevEng/x288.htm#behavior_system_calls

    2. Re:whatabout truss/strace/ktrace? by MrDelSarto · · Score: 5, Informative

      ltrace will allow you to peek into what libraries are being called on Linux.

    3. Re:whatabout truss/strace/ktrace? by miu · · Score: 2, Informative

      truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.

      Unfortunately, not under 2.6. It does work on 2.8+ and can occasionally be a lifesaver. 'ltrace' under Linux does pretty much the same thing.

      --

      [Set Cain on fire and steal his lute.]
  3. DMCA i.r.t. Reverse Engineering by heli0 · · Score: 5, Informative

    `(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.

    `(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

    `(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.

    `(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.


    DMCA

    --
    Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
  4. README: From the Authors by mikepery · · Score: 5, Informative

    Well, this was most unexpected. We still have a lot of work to do on this book, and are still in the process of looking for a publisher. In fact, both Nasko and I were working on the book as this was posted (quite a shock!). We're still putting together screenshots, describing debugging utilities, etc.

    In fact, the book looks more complete than it actually is. Most of the chapters are basically just an outline that we've been filling in as we go along.

    Keep checking the book periodically for more updates, as again, this is a work in progress. If you notice any omissions, or have any contributions, we would be glad to take them.

    Thanks,

    Nasko Oskov & Mike Perry

    1. Re:README: From the Authors by yerricde · · Score: 2, Informative

      Zip works fine, but if you're aiming for 100% cross-platform, tarballs are king.

      Info-ZIP UnZip is claimed to be the third most portable C program.

      Tarballs are used on every Unix and Unix clone OS in existence, not just Linux.

      Microsoft Windows ME and Microsoft Windows XP operating systems ship with Microsoft Compressed Folders, a feature that can read and write .zip files in a manner similar to that of WinZip and WinRAR but cannot make head nor tail of .tar.gz files.

      --
      Will I retire or break 10K?
  5. This book falls short by JohnwheeleR · · Score: 4, Informative

    This book is pretty weak. I skimmed through it and nowhere did I see win32dasm dead listings or hands-on reversing. It seems like it just tries to explain different Windows and Unix tools people might use for reversing. Comments like this certainly should have been left out: "If you don't know assembly language, at the end of this book you will literally know it inside-out." I mean, gimme a break. In less than a hundred pages of text, no one is going to learn x86 asm "inside-out." Chapter 9, which many people would be interested in, is incomplete. I wouldn't waste my time. Go search for "fravia pages reverse engineering" on Google. That material took years to put together.

  6. Ollydbg by httptech · · Score: 4, Informative

    Hadn't seen this mentioned in the book or in any comments so far: if you are wanting to get started reverse-engineering on Windows, you don't need to shell out big bucks (or pirate) SoftICE unless you plan to do hard-core driver/kernel debugging. Seriously, check out Ollydbg. It's freeware AND it kicks ass. I'm using it to do almost all my reverse engineering now.

    Here are a couple of beginner-level articles I've written on reverse-engineering malicious code:

    Reverse Engineering Hostile Code

    Alien Autopsy: Reverse Engineering Win32 Trojans on Linux

  7. Code Reading - The Open Source Perspective by MavEtJu · · Score: 4, Informative

    Recently I came by this book: Code Reading - The Open Source Perspective, which has the same idea except for when you have the source of a program and not only a binary.

    --
    bash$ :(){ :|:&};:
  8. Re:Play "Black Box" for a while. by BoneMarrow · · Score: 4, Informative

    http://www.eagle-i.com/JAVA/bb.html

    --
    Unfortunately, no one can be told what my sig is...
  9. can't have a book on reversing without by Anonymous Coward · · Score: 2, Informative

    a mention of IDA pro, W32Dasm, softice. These are the tools of the trade.

  10. A note from the sysadmin of www.acm.uiuc.edu by Benley · · Score: 2, Informative

    Thanks, but no need - we've got boatloads of bandwidth at uiuc, and the web server is hardly noticing:

    [staffin@winston staffin]$ uptime
    21:20:19 up 79 days, 18:17, 3 users, load average: 0.24, 0.27, 0.32

    Not bad. It's an ultra5/360 running Debian with 256mb of ram, btw. I think this pretty much demonstrates that the slashdot effect is all about bandwidth, not the speed of the server.

  11. "Official" PDF version here by Benley · · Score: 3, Informative

    http://www.acm.uiuc.edu/~staffin/reveng.pdf - Here is the same pdf mentioned above, only on a site that isn't about to get slashdotted (on the same server as the original site, in fact). Have at it!

  12. Re:really dumb question... by Benley · · Score: 2, Informative
  13. RE/Cracking tutorials and games by sICE · · Score: 5, Informative

    You might want to have a look at AntiCrack, which is a huge collection of tutorials on cracking, reverse engineering, and programming. They also have a copy of the old Fravia site (the new one being about searching).

    There's a few games/challenges out there about reverse engineering, cracking, logic and programming. Give them a try if you wish (Arcanum is really nice):
    AngularVision, Apotheosis, Arcanum, Aspect, Aspect2, C&CDisIncorporated, CyberArmy, Disavowed, Electrica, Escape, HackME, HackersGames, HackersLab, HackQuest, Hybrid, ICEFortress, Lamebulun, Mod-X, NetSplit, NGSEC'sSecurityGame, ProblemSetArchive, ReverserCourse, SlyFX, TheGame, and Try2hack.

    have fun ;-)

  14. complete? by codegen · · Score: 2, Informative

    Not exactly complete. My research area is reverse engineering. The book only talks about low-level reverse engineering (i.e. executable code). Most of the research in the area is at the source level.

    This is not a criticism targeted at the authors, but at the submitter.

    --
    Atlas stands on the earth and carries the celestial sphere on his shoulders.
  15. More Reverse Engineering by Anonymous Coward · · Score: 1, Informative

    Georgia Tech's Reverse Engineering Group also has a whole lot of info on the topic here: http://www.cc.gatech.edu/reverse/