Basic Reverse-Engineering Explained

Nathaniel Firethorn
Posted: Sun Jul 17, 2005 1:11 pm

A really n00b question:

Reversing looks like a lot of fun. I've done a bit of it, but with 1982-level tools on Apple ][ (never with the kind of tools available today.)

Is it possible to make a living at it (or part of a living) as a white-hat?

Thanx
- NF
HAVOK
Posted: Wed Dec 07, 2005 8:11 pm

Nathaniel Firethorn wrote:
Is it possible to make a living at it (or part of a living) as a white-hat?


Yes, it is. For example:

1. If you work for an anti-virus company you will have to analyse viruses to see how they work. Part of this is done through disassembly / debugging.

2. If you sell anti-cracking software you will have to crack other people's protections to keep current (not very white-hat, but this is how this works).

3. You can find out exploits for Windows by comparing and reversing an unpatched DLL with the patched one. This is legitimate work and there are some people who do this for money.

[EDIT=> 4: forensics]

Small comment on the tutor:

I see you only mention W32DASM, but IDA is really much better, nothing to be with w32dasm. There is a free version of IDA for download at their website. The only diff with the commercial version is that the latter has a built-in debugger, but you can use Olly instead.
vx
Posted: Mon Nov 13, 2006 10:26 pm    Post subject: where is the program

I did not find the program that the link was supposed to contain.
Is it just me that is stupid?
alt.don
Posted: Mon Nov 13, 2006 11:06 pm

Hello,

You may wish to Google for Ollydbg and IDA Pro free version. Of the two I would go with Ollydbg.

You will also need the following tools/knowledge:

Hex editor: There are many good and free ones out there. Give it a Google.

PE format: Become familiar with what it is as it will help you understand a Microsoft executable that much better, and also just how code gets mapped from physical memory to RAM.

ELF format: This is the format of Linux/BSD executables and will do the same as the above for you in terms of knowledge.

Programming knowledge: It is important to understand C, C++ and Assembler at a high level if nothing else. You don't necessarily have to be a full-fledged programmer to reverse but it certainly is helpful.

One of the simplest ways to start out is to code your "Hello World" program and then to disassemble it. That is a good and simple starting point.

The two above file formats are important to understand as it will also be most beneficial when you are looking at malware. Lastly, I will have an article series on reverse engineering for beginners going up on WindowSecurity soon. Keep an eye out for it.
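Added example, not part of the original thread: a short Python parser for the PE section table recommended for study in the post above, showing which bytes of the file on disk end up at which addresses once the image is loaded. The sample image is constructed inline (headers only, no code) and all function names are hypothetical.

```python
import struct

def parse_pe_sections(data):
    """Return (image_base, [(name, rva, virtual_size, raw_offset, raw_size)])."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                  # 20-byte COFF header
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                      # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(n_sections):   # 40-byte headers follow the optional header
        name, vsize, rva, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, rva, vsize, raw_off, raw_size))
    return image_base, sections

def rva_to_file_offset(sections, rva):
    """File offset backing an RVA, or None if no file bytes back it
    (zero-filled at load time, or outside every section)."""
    for _name, sec_rva, vsize, raw_off, raw_size in sections:
        delta = rva - sec_rva
        if 0 <= delta < (vsize or raw_size):
            return raw_off + delta if delta < raw_size else None
    return None

def build_sample():
    """Constructed header-only PE32 image with two sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase
    def sec(name, vsize, rva, raw_size, raw_off):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva,
                           raw_size, raw_off, 0, 0, 0, 0, 0)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1234, 0x1000, 0x1400, 0x400)
            + sec(b".data", 0x3000, 0x3000, 0x200, 0x1800))
```

Adding `image_base` to a section's RVA gives the address a debugger shows when the image loads at its preferred base; `rva_to_file_offset` goes the other way, to the position a hex editor shows.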