Introduction To Reverse Engineering Software
Creator: Matt Briggs
License: Creative Commons: Attribution, Share-Alike
(http://creativecommons.org/licenses/by-sa/3.0/)
Lab Requirements: Windows system with IDA Pro (Free 5.0 is acceptable)
Class Textbook: Reversing: Secrets of Reverse Engineering by Eldad Eilam.
Recommended Class Duration: 2 days
Creator Available to Teach In-Person Classes: Yes
Author Comments:
Throughout the history of invention, curious minds have sought to understand the inner workings of their gadgets. Whether investigating a broken watch or improving an engine, these people have broken down their goods into their elemental parts to understand how they work. This is Reverse Engineering (RE), and it is done every day, from recreating outdated and incompatible software to understanding malicious code or exploiting weaknesses in software.
In this course we will explore what drives people to reverse engineer software and the methodology and tools used to do it.
Topics include, but are not limited to:
• Uses for RE
• The tricks and pitfalls of analyzing compiled code
• Identifying calling conventions
• How to navigate x86 assembly using IDA Pro
• Identifying Control Flows
• Identifying the Win32 API
• Using a debugger to aid RE
• Dynamic Analysis tools and techniques for RE
During the course, students will complete many hands-on exercises.
This class will serve as a prerequisite for a later class on malware analysis.

Course Material (TiddlyWiki & analyzed binaries)
To bypass exe filters, e.g. so this can be sent through email, this is an encrypted zip with a password of “reclass2011”. All of the .exe files have been renamed to .ex_. On Mac OS X 10.6 and below, you will have to open the zip file from Terminal in order to get the password prompt.

Revision History:
01-27-2012 - Created some 'missing' content, fixed a few flaws, and added a write-up for the last task
06-16-2011 - Initial class content upload
Coming soon: Video has been recorded and is currently being edited.
If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.



