Mastering Reverse Engineering

By: Reginald Wong
Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse engineering is a hacker-friendly tool used to expose security flaws and questionable privacy practices. In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression used to obfuscate code, and how to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Try it yourself


To try out the tools we have learned about, let's try doing some static analysis on ch4_2.exe. To help out, here's a list of what we need to find:

  • File information:
    • file type
    • imported DLLs and APIs
    • text strings
    • file hash
  • What the file does

Jumping right into getting file information, we will use TrID (http://mark0.net/soft-trid-e.html) to identify the file type. Execute the following line:

trid ch4_2.exe

The TrID result tells us that we have here a Windows 32-bit executable file that is UPX packed:

Knowing that this is a UPX packed file, we can try the decompress feature of the UPX (https://upx.github.io/) tool to restore the file to its original form before it was packed. A packed file is a compressed executable that decompresses itself and then executes the program at runtime. The primary purpose of a packed file is to reduce the file size of an executable while retaining the program's original behavior. We will be discussing more about packers in Chapter 10, Packing...
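As an added example that is not the book's own code, here is a small Python triage script covering the checklist above with only the standard library: it hashes the file, pulls printable strings the way `strings` does, and reads the PE section table to flag the default `UPX0`/`UPX1` section names a UPX-packed binary carries. The sample bytes are a constructed fake PE header for exercising the parser, not ch4_2.exe.

```python
import hashlib
import re
import struct
import sys

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def printable_strings(data: bytes, min_len: int = 4) -> list:
    # Runs of printable ASCII of at least min_len bytes, as the `strings` tool reports them.
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def section_names(data: bytes) -> list:
    # Walk MZ -> e_lfanew -> "PE\0\0" -> COFF header -> IMAGE_SECTION_HEADER array (40 bytes each).
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]     # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]        # COFF SizeOfOptionalHeader
    first = pe_off + 24 + opt_size                                    # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[first + i * 40: first + i * 40 + 8]                # 8-byte, NUL-padded Name field
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names

def looks_upx_packed(data: bytes) -> bool:
    # UPX names its sections UPX0/UPX1 by default. Packers can rename sections,
    # so a negative result here is a hint, not proof that the file is unpacked.
    return any(n.startswith("UPX") for n in section_names(data))

def build_sample() -> bytes:
    # Constructed fake PE layout used only to exercise the parser; it is not a runnable binary.
    e_lfanew = 0x40
    mz = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)           # 64-byte DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)             # i386, 2 sections, no optional header
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in (b"UPX0", b"UPX1"))
    body = b"\x00" * 8 + b"KERNEL32.dll\x00LoadLibraryA\x00GetProcAddress\x00"  # import-like strings
    return mz + b"PE\x00\x00" + coff + sections + body

def triage(data: bytes) -> dict:
    return {"sha256": sha256_hex(data), "sections": section_names(data),
            "upx_packed": looks_upx_packed(data), "strings": printable_strings(data)}

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real binary; with no argument it analyses the constructed sample.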