What is the best practice for reverse engineering a binary on Windows?

In my case, it is written in C/C++, if that matters.

+4
4 answers

Most reversers are still gurus. You must first ask yourself: why am I reversing?

There are several main reasons that I can think of.

  • You are trying to crack the copy protection mechanism, pirated software, or cheat in a video game.
  • You work for an Anti-Virus company and must understand the virus or the latest threat. Or the government is trying to prevent war or espionage.
  • You start programming, and you mistakenly take the learning approach by redoing.
  • You are a competitor and you cannot find something (usually small) that they did.

In all these cases, the true goal is small (for example, one algorithm), even if the amount of code is large.

# 1 Hacking / Cracking and Cheating

It is pretty simple. You just need to defeat a lot of crawl control measures. Do not get caught. Penalties for getting caught: DMCA violations, getting your CD KEY banned in the game, lawsuits... Any good debugger will do. Wikipedia has a good article on Windows debuggers. Some of them are free, some are not. Be sure to include all anti-circumvention measures and hack your network.

# 2 Professional Researcher

They asked what you asked, a long time ago.

# 3 Novice Programmer

Computer programming is not to make it look easy. I will find out its types... Even the most experienced programmers fail without documentation, samples and examples. At the very least, understand the Windows API; the documents are located at MSDN.microsoft.com. This will teach you what you need to know.

# 4 Member

This is the most talked about form of reverse engineering. You will need extensive knowledge of the APIs used in the system. In this case, you need to know some of the Windows APIs by heart. If you do not change the code of competitors, it will be very difficult. What you do is what is known about the API, which the program should use to perform a specific task.

For example, if it prints a message box on the screen, set a breakpoint in the Windows API: MessageBoxW. Then look at the column to see where the code was run in the program, and open the code (with your brain...) and find out what you need to know.

Reverse engineering takes hours

Antivirus authors probably automated the Windows API (which can take years) to look for things that are common to malicious code. Tools that cost less than $100 are usually not very automated, so you will use your brain a lot.

+3
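The API-breakpoint technique described in the answer above, written out as an added WinDbg command sequence (this is not code from the answerer or the page). It assumes the analyst's own target process has been started under, or attached to, WinDbg on x64 Windows, that the Microsoft public symbol server is reachable, and that MessageBoxW is called through the normal user32 export; the `$$` lines are comments.

```windbg
$$ Added example: stop every time the target calls user32!MessageBoxW,
$$ print the call stack so the caller inside the program's own module
$$ is visible, show the text argument, then let the program continue.
$$ Assumption: x64 target, so the x64 calling convention applies
$$ (rcx = hWnd, rdx = lpText, r8 = lpCaption, r9 = uType).

$$ Point symbol resolution at the public Microsoft symbol server
$$ and reload symbols for modules that are already mapped.
.symfix
.reload

$$ Confirm user32.dll is loaded and list the MessageBox* exports,
$$ so the breakpoint lands on the wide-char variant the text names.
lm m user32
x user32!MessageBox*

$$ Deferred breakpoint (bu) survives a restart even if user32 is not
$$ loaded yet. On each hit: banner, call stack (k), the lpText string
$$ as Unicode (du @rdx), then resume (g).
bu user32!MessageBoxW ".echo --- MessageBoxW hit ---; k; du @rdx; g"

$$ Run the target; output appears in the command window on each hit.
g
```

In the `k` output, the first frame that belongs to the program's own module (rather than user32 or ntdll) is the return address the answer tells you to read; `.frame N` followed by `ub @rip` on that frame shows the instructions that set up the call. On a 32-bit target the string argument is on the stack instead of in rdx, so the `du` would read `du poi(@esp+8)` at the breakpoint.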

you missed a few more reasons, curiosity, to find out how things are where they weren’t published, sometimes his Himalayas turn to us for nerds, why is it because there, and distrust of paranoia, they do the right thing, they are ethical for the mass population? All of the ones you listed are probably more common, although unfortunately.

It’s a lot of effort, but if the reason is learning, any tool is good. I’m definitely not a guru (some of those that I saw there are so fast), but I believe that if you take the approach of decompiling, copying sections one at a time, and basically rewriting the system while recording calls that have not yet been copied, you can cancel the design and determine the algorithms used.

+1

OllyDbg is another free reverse engineering tool for Windows, alongside IDA. You can find many tutorials, plugins, scripts, etc. from Tuts 4 You for both tools (the Lena for Jealousy for Beginners series is a great introduction to Olly's use).

0
