Friday, 3 March 2017

A Survey of Reverse Engineering Tools for the Windows Platform - Part One

Interestingly, reverse engineering will captivate you once you have learned its tips and tricks. As this is my first post on reverse engineering, it is better to start by explaining what reverse engineering is. In fact, reverse engineering consists of several steps or processes for extracting knowledge about, or comprehending the design of, a human-made product. This product can be anything in the world, from industrial machines to tiny software such as an MP3 converter program. Designers, or better said in our context programmers (not a significant number of them), do their best to put some preventive mechanism in place to stop crackers. On the other hand, virus writers obfuscate the runtime behaviour of their code to deceive reverse engineering analysts during examination, or to slip sneakily under the radar of anti-virus products. Reverse engineering in the software context was defined by Chikofsky in a research paper, where the authors state: "Reverse engineering is the process of analysing a subject system to create representations of the system at a higher level of abstraction."
Obfuscation is a well-known term in software design and reverse engineering, and it is referred to many times in books, articles and so on. In essence, obfuscation or anti-tampering techniques protect and guard your program against those whose intent is to modify your application or somehow re-engineer it.
Additionally, there are many fruitful tools which can be handy in different circumstances. To understand the behaviour of a specific program, you first need to choose a debugger or disassembler in order to identify the program and gain basic knowledge of it. Once you figure out that the program is obfuscated or packed, the next step must be the identification of the obfuscator: whether it is a ready-made one or a custom, personal one. Some PE editors recognise known packers and take care of this step. To restore everything to a normal state, an unpacker must be used; in those odd cases when you confront a custom, personal scheme, you have to do the unpacking manually, which requires a high level of skill.
After defeating the obfuscation phase, a debugger goes the rest of the way. It is important to realise that by using a debugger or disassembler, you can change strings, trace outgoing API calls and follow the input/output functionality. Typically, you select your debugger or disassembler based on the programming language of the executable. Therefore, if you have one program written in VB6 and another written in C#, two different disassemblers would evidently be used.
Each one presents some unique features to ease the process of disassembling. You may often see that a program is resistant to any changes being made, and that within itself some preventive mechanisms, such as debugger detection and checksums, add trouble and hardship.
Categories of reverse engineering tools
After all, an arsenal of tools has been developed over recent years, and most of them fall into the following four main categories.
Hex editors: they provide a representation of the binary data in base-16 (hexadecimal) format. They also show the equivalent of the base-16 bytes in different ways, for instance as ASCII or Unicode.
Disassembler/Debugger: these programs translate the base-16 bytes into assembly language, while debuggers run a program and give the user the facility of terminating or pausing the application at a certain point. In most cases, these two kinds of software come in a single product.
Decompilers: these programs translate the executable program directly back into source code.
Related tools: small programs which play an important role, such as obfuscators, PE editors, memory analysers and dumpers, packers and unpackers.
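To make two of the ideas above concrete, the hex editor's byte-plus-ASCII view and the PE editor's job of spotting a packed executable before you reach for an unpacker, here is a small added example in Python. It is not code from the original post or from any of the tools it names; it builds a constructed, minimal PE-shaped byte string (only the fields the parser reads are meaningful, the optional header is omitted), dumps its header the way a hex editor would, walks the section table, and flags sections whose name matches a well-known packer (UPX0, UPX1, .aspack are real packer section names), whose byte entropy is near the 8-bit maximum, or whose virtual size is far larger than the bytes actually stored on disk (room an unpacker stub expands into). The 7.0 entropy threshold and the 4x size ratio are assumptions chosen for this example.

```python
import math
import struct

# Section names that well-known packers leave behind (a short, non-exhaustive list).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", ".aspack"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Classic hex-editor view: offset, hex bytes, printable-ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  {asc}")
    return lines


def parse_sections(image: bytes) -> list[dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def assess_packing(sections: list[dict], entropy_threshold: float = 7.0) -> list[str]:
    """Heuristics a PE editor applies before deciding an unpacker is needed (assumed values)."""
    findings = []
    for s in sections:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            findings.append(f"{s['name']}: section name associated with a known packer")
        if s["entropy"] >= entropy_threshold:
            findings.append(f"{s['name']}: entropy {s['entropy']} suggests compressed or encrypted content")
        if s["virtual_size"] > 4 * max(s["raw_size"], 1):
            findings.append(f"{s['name']}: virtual size far exceeds raw size (unpacker expands into it)")
    return findings


def build_sample_pe() -> bytes:
    """Constructed sample, not a real executable: a low-entropy .text and a packed-looking UPX1."""
    text_data = b"Hello, reverse engineer! " * 8                    # 200 bytes, very repetitive
    packed_data = bytes((i * 97 + 13) % 256 for i in range(256))    # every byte value once -> 8.0 bits
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 64)        # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)     # 2 sections, no optional header
    headers_end = 64 + 4 + 20 + 40 * 2                              # = 168, raw data starts here
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", 200, 0x1000, 200, headers_end, 0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x10000, 0x2000, 256, headers_end + 200, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + sec1 + sec2 + text_data + packed_data


if __name__ == "__main__":
    image = build_sample_pe()
    print("\n".join(hexdump(image[:64])))            # DOS header as a hex editor shows it
    for s in parse_sections(image):
        print(s)
    for f in assess_packing(parse_sections(image)):
        print("finding:", f)
```

Running it prints the 64-byte DOS header in the familiar offset/hex/ASCII layout, one dictionary per section, and three findings, all against the UPX1 section: the packer-style name, the 8.0 entropy, and the virtual size that dwarfs the raw size. On a real file you would feed `open(path, "rb").read()` to `parse_sections` instead of the constructed image; the entropy heuristic is deliberately a hint, not a verdict, since legitimately compressed resources also score high.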