Welcome to Reversing: Secrets of Reverse Engineering. This book was written after years of working on software development projects that repeatedly required reverse engineering of third party code, for a variety of reasons. At first this was a fairly tedious process that was only performed when there was simply no alternative means of getting information. Then all of a sudden, a certain mental barrier was broken and I found myself rapidly sifting through undocumented machine code, quickly deciphering its meaning and getting the answers I wanted regarding the code’s function and purpose. At that point it dawned on me that this was a remarkably powerful skill, because it meant that I could fairly easily get answers to any questions I had regarding software I was working with, even when I had no access to the relevant documentation or to the source code of the program in question. This book is about providing knowledge and techniques to allow anyone with a decent understanding of software to do just that.
The idea is simple: we should develop a solid understanding of low-level software, and learn techniques that will allow us to easily dig into any program’s binaries and retrieve information. Not sure why a system behaves the way it does and no one else has the answers? No problem—dig into it on your own and find out. Sounds scary and unrealistic? It’s not, and this is the very purpose of this book, to teach and demonstrate reverse engineering techniques that can be applied daily, for solving a wide variety of problems. But I’m getting ahead of myself. For those of you that haven’t been exposed to the concept of software reverse engineering, a little introduction is in order.
Here is a brief listing of some of the topics discussed throughout this book:
■■ Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
■■ Operating systems internals and how to reverse engineer an operating system.
■■ Reverse engineering on the .NET platform, including an introduction to the .NET development platform and its assembly language: MSIL.
■■ Data reverse engineering: how to decipher an undocumented file-format or network protocol.
■■ The legal aspects of reverse engineering: when is it legal and when is it not?
■■ Copy protection and digital rights management technologies.
■■ How reverse engineering is applied by crackers to defeat copy protection technologies.
■■ Techniques for preventing people from reverse engineering code and a sober attempt at evaluating their effectiveness.
■■ The general principles behind modern-day malicious programs and how reverse engineering is applied to study and neutralize such programs.
■■ A live session where a real-world malicious program is dissected and revealed, also revealing how an attacker can communicate with the program to gain control of infected systems.
■■ The theory and principles behind decompilers, and their effectiveness on the various low-level languages.
- Chapter 1 Foundations
- Chapter 2 Low-Level Software
- Chapter 3 Windows Fundamentals
- Chapter 4 Reversing Tools
- Chapter 5 Beyond the Documentation
- Chapter 6 Deciphering File Formats
- Chapter 7 Auditing Program Binaries
- Chapter 8 Reversing Malware
- Chapter 9 Piracy and Copy Protection
- Chapter 10 Antireversing Techniques
- Chapter 11 Breaking Protections
- Chapter 12 Reversing .NET
- Chapter 13 Decompilation