Introduction to Reverse Engineering Software

Abstract

This book is an attempt to provide an introduction to reverse engineering software under both Linux and Microsoft Windows©. Since reverse engineering is under legal fire, the authors figure the best response is to make the knowledge widespread. The idea is that since discussing specific reverse engineering feats is now illegal in many cases, we should then discuss general approaches, so that it is within every motivated user's ability to obtain information locked inside the black box. Furthermore, interoperability issues with closed-source proprietary systems are just plain annoying, and something needs to be done to educate more open source developers as to how to implement this functionality in their software.

Note

This book is actively being updated, and we are looking for a publisher. Please contact the authors if you are interested in helping to publish this book or know someone who would be.


Table of Contents

1. Introduction
2. The Compilation Process
3. Gathering Info
4. Determining Program Behavior
5. Determining Interesting Functions
6. Understanding Assembly
7. Debugging
8. Executable formats
9. Code Modification
10. Network Application Interception
11. Contribut(e|ions)!
12. Extra Resources
A. Tools
B. Documentation resources
C. Web links and resources

List of Figures

1.1. Exploring a Hypothesis Space
2.1. The Compilation Process
2.2. The Java Compile/Execute Path
3.1. Process Explorer
3.2. Depends
3.3. Netstat output
3.4. Ethereal capture
7.1. ASM in DDD
7.2. Stack Displays with New Display Window
8.1. PEView Executable Viewer
8.2. IMAGE_DOS_HEADER
8.3. IMAGE_NT_HEADERS
8.4. IMAGE_FILE_HEADER
8.5. IMAGE_OPTIONAL_HEADERS
8.6. IMAGE_DATA_DIRECTORY
8.7. IMAGE_IMPORT_DIRECTORY
8.8. IMAGE_THUNK_DATA