-
July 5th, 2004, 08:11 PM
#1
Member
Reverse Engineering
Hey guys:
I've recently gotten back into programming (thanks for the suggestions guys) and I wanted to find out how I can reverse engineer a program to see its coding. I do have a hex editor... but, heh, I can't read binary code yet (can't see the blondes and redheads). I'm guessing the first step is to get it into hex? But then what? Could I see it in any language I want? Or do I have to trial-and-error to find out what language was used?
\"I ONLY DRINK THE BLOOD OF MY ENEMIES....and maybe a strawberry yoohoo....and a...Pina Co-la-da!...
If you like pina coladas....ugh!, gettin\' caught in the rain....ugh!\"
-Sarge
-
July 5th, 2004, 08:20 PM
#2
When a program is compiled it ends up in machine code. Humans cannot read this. What you have to do is disassemble the program. This will turn it into assembly. (A language, if you didn't know.) From there, you can do what you'd like with it... assuming you are fluent in assembly.
I'm guessing that you want a decompiler though.
Maybe someone else here has a link or some more info.
Real security doesn't come with an installer.
-
July 5th, 2004, 08:24 PM
#3
I'm no specialist here but I think you should do that in assembly (asm). Go with W32Dasm if you can find it on the net; I had good results with it.
Version 8.93 here
Now i just hope you won't go crack a shareware or something!
-
July 5th, 2004, 08:45 PM
#4
I know there was a thread a while back about the differences between compilers, decompilers, IDEs etc. Apparently, decompilers would attempt to return some language code to you. One must realize that it would be very flaky, with a high chance of not working exactly like the original... The decompiler can try to interpret what the program is doing, but it cannot be sure of it.
Anyway ASM is the way to go, it will take you a while to learn but IMHO there's a lot one can still do with this language.
/ \
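Added example (editor's note, not code from any post in this thread): posts #2 to #4 say that machine code is turned back into assembly by a disassembler, while going further to source is guesswork. The script below is a deliberately tiny linear-sweep disassembler for a handful of 32-bit x86 opcodes, run over constructed bytes of the kind gcc -O0 emits for a main() that calls printf once. The addresses (code at 0x08048400, printf stub at 0x08048300, string at 0x08049000) are assumptions chosen for the example, not taken from a real binary. Decoding the bytes is mechanical; the one "decompiler-like" step, recovering which constant was passed to printf, already relies on knowing the calling convention.

```python
"""Minimal linear-sweep disassembler for a few 32-bit x86 opcodes.

Added example, not code from the thread. Decodes the machine code of a
typical compiled hello-world main() back into assembly, then recovers the
constant pushed before the call: the address of the string given to printf.
"""
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # opcode 0x83 /0../7


def _modrm(byte):
    """Split a ModRM byte into its (mod, reg, rm) fields."""
    return byte >> 6, (byte >> 3) & 7, byte & 7


def decode_one(code, pos, base):
    """Decode the instruction at code[pos]; return (length, assembly text).

    `base` is the virtual address of code[0], needed to resolve relative calls.
    Only register-direct ModRM forms (mod == 3) are handled; anything else is
    emitted as a raw data byte so the sweep keeps going.
    """
    op = code[pos]
    if op == 0x90:
        return 1, "nop"
    if op == 0xC3:
        return 1, "ret"
    if op == 0xC9:
        return 1, "leave"
    if 0x50 <= op <= 0x57:
        return 1, f"push {REGS[op - 0x50]}"
    if 0x58 <= op <= 0x5F:
        return 1, f"pop {REGS[op - 0x58]}"
    if 0xB8 <= op <= 0xBF and pos + 5 <= len(code):       # mov r32, imm32
        imm, = struct.unpack_from("<I", code, pos + 1)
        return 5, f"mov {REGS[op - 0xB8]}, 0x{imm:x}"
    if op == 0x68 and pos + 5 <= len(code):               # push imm32
        imm, = struct.unpack_from("<I", code, pos + 1)
        return 5, f"push 0x{imm:x}"
    if op == 0xE8 and pos + 5 <= len(code):               # call rel32, relative to next insn
        rel, = struct.unpack_from("<i", code, pos + 1)
        target = (base + pos + 5 + rel) & 0xFFFFFFFF
        return 5, f"call 0x{target:x}"
    if op == 0x89 and pos + 2 <= len(code):               # mov r/m32, r32
        mod, reg, rm = _modrm(code[pos + 1])
        if mod == 3:
            return 2, f"mov {REGS[rm]}, {REGS[reg]}"
    if op == 0x83 and pos + 3 <= len(code):               # group 1: add/sub/... r/m32, imm8
        mod, reg, rm = _modrm(code[pos + 1])
        if mod == 3:
            imm8, = struct.unpack_from("<b", code, pos + 2)  # imm8 is sign-extended
            return 3, f"{GROUP1[reg]} {REGS[rm]}, 0x{imm8 & 0xFFFFFFFF:x}"
    return 1, f"db 0x{op:02x}"                             # unknown: emit a data byte


def disassemble(code, base=0):
    """Linear sweep from code[0]; return (address, hex bytes, text) per instruction."""
    rows, pos = [], 0
    while pos < len(code):
        length, text = decode_one(code, pos, base)
        rows.append((base + pos, code[pos:pos + length].hex(" "), text))
        pos += length
    return rows


def call_arguments(rows):
    """Pair each call with the immediates pushed since the previous call.

    Under cdecl the caller pushes arguments right-to-left just before the
    call, so the last push is the first argument (printf's format string).
    """
    calls, pending = [], []
    for _addr, _raw, text in rows:
        if text.startswith("push 0x"):
            pending.append(int(text.split()[1], 16))
        elif text.startswith("call "):
            calls.append((int(text.split()[1], 16), pending[::-1]))
            pending = []
    return calls


# Constructed bytes (not from a real binary) for a gcc -O0 style 32-bit main()
# calling printf once. Assumed layout: code at 0x08048400, printf's PLT stub
# at 0x08048300, the string literal at 0x08049000.
MAIN_BYTES = bytes.fromhex(
    "55"            # push ebp
    "89e5"          # mov ebp, esp
    "83ec08"        # sub esp, 8
    "6800900408"    # push 0x08049000   address of "Hello World\n"
    "e8f0feffff"    # call 0x08048300   printf via PLT (rel32 = -0x110)
    "83c404"        # add esp, 4        discard the argument
    "b800000000"    # mov eax, 0        return value
    "c9"            # leave
    "c3"            # ret
)

if __name__ == "__main__":
    listing = disassemble(MAIN_BYTES, base=0x08048400)
    for addr, raw, text in listing:
        print(f"{addr:08x}  {raw:<16} {text}")
    for target, args in call_arguments(listing):
        print(f"call to {target:#x} with args {[hex(a) for a in args]}")
```

Anything outside the supported opcodes comes out as `db`, which is also what happens in a real tool when a linear sweep walks into data or into the middle of an instruction; that is one reason the bigger disassemblers mentioned later in the thread follow control flow instead of sweeping.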
-
July 5th, 2004, 08:54 PM
#5
Doing reverse engineering on a compiled program is a HUGE task.
You need to deal with a different structure for each compiler.
Some compilers add a bunch of subroutines (i.e. VB) and it really doesn't matter to you.
Reverse engineering is usually done on small pieces of code, on each function, to reproduce some behavior. Getting a program and trying to reverse it can be an endless (and frustrating) task.
If you are starting in the programming area I strongly advise AGAINST going that way.
You need a lot of expertise to recognise structures and decode ASM into the original function.
If you want to go down that path, go deeply into C and after 2 years, return to this path :P
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to break.
-
July 5th, 2004, 09:36 PM
#6
Err... no, I don't think so
I've recently gotten back into programming (thanks for the suggestions guys) and I wanted to find out how I can reverse engineer a program to see its coding
Now, with a small program like a virus, that is possible... but you do not say what you are looking at? Like how big is the compiled code file, for example?
I would need a lot more information to even try to point you in the right direction...
Sorry, it is not easy... or there would be no security, no copyright, and no AO... and no internet for that matter?
just my thoughts
-
July 6th, 2004, 09:20 AM
#7
One of the best programs to assist you in reverse engineering is IDA Pro. You can find it here http://www.datarescue.com/idabase/ . Another great help is the SoftIce debugger. SoftIce is part of the Driverstudio or DevPartner64 suites http://www.compuware.com .
None of these programs are free though.
As some people already pointed out, reverse engineering a big program can be a real pain in the butt. You will have to know how a compiler works. You'll need to know how structures are represented in assembly, etc. etc.
But if you want to take a look at how a virus or any other piece of malware works, IDA Pro should suffice.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 6th, 2004, 09:28 AM
#8
Junior Member
Hi guys,
I think I can ask this question here. When you compile a simple C program like this:
#include <stdio.h>
int main(void) {
    printf("Hello World\n");
    return 0;
}
in the output .exe file, when I edited it with a hex editor, I don't find the "Hello World\n" string anywhere. How can I get that? And also tell me why and how it is obscured...
Thanks in advance.....
iMirage
-
July 6th, 2004, 09:32 AM
#9
Hmm, upon decompiling, do you have the ASCII equivalent of the hex too? I had to do a bunch of cracking challenges a while back, and a simple plaintext password in a file (as this text should be) would be stored in plaintext in the ASCII when opened in a hex editor.
But.. who knows...
/ \
-
July 6th, 2004, 02:40 PM
#10
\n is part of printf syntax and is not stored with the string.
hypronyx is right. You must look at the hex to ASCII conversion.
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to break.