Reverse Engineering (Reversing)

 

Recommended Books

 
    

If using Ubuntu: Beginning x64 Assembly Programming: From Novice to AVX Professional

Hacking Exposed: 12 Books on Hacking

Get Certified: CEH Certified Ethical Hacker Bundle, Fourth Edition 4th Edition


 
 

What is reversing?

 
“Reverse engineering (also known as backwards engineering or back engineering) is a process or method through the application of which one attempts to understand through deductive reasoning how a device, process, system, or piece of software accomplishes a task with very little (if any) insight into exactly how it does so.” -Wikipedia

Learning how to reverse engineer software (and hardware) is not easy. The process can require advanced knowledge in areas of high-level and low-level programming, networking, both software and hardware design, operating system architecture, and well-honed skills in process analysis and troubleshooting. Like with many fields, learning how and when to use the tools of the trade is essential to the job.
 
 

Resources

 
Reverse Engineering on reddit (website)  [free]

Reversing on Stackoverflow (website)  [free]

eForensics Magazine on twitter (website)  [free]

DigitalForensicsMag on twitter (website)  [free]

Reverse Engineering Primer (website)  [free]

Reverse Engineering for Beginners (1,048 pages) (PDF)  [free]

Reverse Engineering for Beginners (scanlime-in-progress) (video) (9h 45m)  [free]

Pull apart an EXE file with Ghidra (Reverse Engineering) (video) (45m)  [playlist] [free]

Software Reversing Engineering (Drexel University) (PPT)  [free]

CS675 Software Reverse Engineering (Drexel University) (website)  [free]

CS 4379/5375 Software Reverse Engineering (University of Texas) (website)  [free]

IDA Pro Overview (infosecinstitute) (website)  [free]

x86 Assembly Guide (website)  [free]

x64 Assembly Cheat Sheet (PDF)  [free]

Reverse Engineering Cheat Sheet (PDF)  [free]

Advanced Windows Debugging (book)  [paid]

Inside Windows Debugging (Developer Reference) (book)  [paid]

 

Some Common Tools I Use

* the ones in orange, I use the most

• Ida Pro (disassembler and debugger—very useful)  |  book
• Windows Tools
• Ollydbg
• gdb
• SimpleProgramDebugger
• Immunity Debugger
• Windbg  (view Windows dump files)
• Resource Hacker
• Ghidra (reverse engineering suite of tools)  |  book
• 7zip  (compression tool, but you can analyze many formats)
• HxD Hexeditor
• Hex Editor Neo
• WinINSTALL by Scalable (for capturing changes)
• Prism pictaker (take snapshots—capture changes)
• x64dbg (binary debugger for Windows)
• Reko Decompiler (decompiler for machine code binaries)
• nasm    x64 software conventions
• sasm
• PEiD tools
• PE Tools
• Fiddler (great for capturing & analyzing web traffic)
• Wireshark (great for capturing & analyzing network traffic)
• SysInternals Tool – ProcMon (capture & analyze process data, especially useful for errors or installations)
• SysInternals Tool – TCPView
• SysInternals Tool – ProcExp (analyze processes)
• file
• nm
• ldd
• otool
• dumpbin
• SysInternals Tool – Strings (export visible, possibly usable strings from a file or folder)
• strip
• Orca (read MSIs)

 

Posts coming soon…