Nytro

Introduction To Reverse Engineering Software

Introduction To Reverse Engineering Software

Creator: Matt Briggs

License: Creative Commons: Attribution, Share-Alike

(http://creativecommons.org/licenses/by-sa/3.0/)

Lab Requirements: Windows system with IDA Pro (Free 5.0 is acceptable). Microsoft Visual Studio 2008 redistributable package.

Class Textbook: Reversing: Secrets of Reverse Engineering by Eldad Eilam.

Recommended Class Duration: 2 days

Creator Available to Teach In-Person Classes: Yes

Author Comments:

Throughout the history of invention curious minds have sought to understand the inner workings of their gadgets. Whether investigating a broken watch, or improving an engine, these people have broken down their goods into their elemental parts to understand how they work. This is Reverse Engineering (RE), and it is done every day from recreating outdated and incompatible software, understanding malicious code, or exploiting weaknesses in software.

In this course we will explore what drives people to reverse engineer software and the methodology and tools used to do it.

Topics include, but are not limited to:

• Uses for RE
• The tricks and pitfalls of analyzing compiled code
• Identifying calling conventions
• How to navigate x86 assembly using IDA Pro
• Identifying Control Flows
• Identifying the Win32 API
• Using a debugger to aid RE
• Dynamic Analysis tools and techniques for RE

During the course students will complete many hands-on exercises.

This class will serve as a prerequisite for a later class on malware analysis. Before taking this class you should take Introduction to Intel x86 or have equivalent knowledge.

Class Materials

All Material (TiddlyWiki (html+javascript) & analyzed binaries (PE))

To bypass exe filters, e.g. so this can be sent through email, this is an encrypted zip with a password of “reclass2011”. All of the .exe files have been renamed to .ex_. On Mac OS X 10.6 and below, you will have to open the zip file from Terminal in order to get the password prompt.

Full quality downloadable QuickTime, h.264, and Ogg videos at Archive.org:

Day 1 Part 1 (57:36, 706 MB)

Day 1 Part 2 (1:17:18, 1 GB)

Day 1 Part 3 (29:49, 453 MB)

Day 1 Part 4 (38:36, 530 MB)

Day 1 Part 5 (36:06, 500 MB)

Day 2 Part 1 (49:29)

Day 2 Part 2 (54:58)

Day 2 Part 3 (40:09)

Day 2 Part 4 (1:10:10)

Day 2 Part 5 (58:51)

(8:33:02 total, sans lab time)

The videos are useful for students, but also more useful for potential instructors who would like to teach this material. By watching the video, you will better understand the intent of some slides which do not stand on their own. You are recommended to watch the largest size video so that the most possible text is visible without having to follow along in the slides.

Revision History:

07-08-2012 - Day 2 videos uploaded to YouTube, & both days uploaded to Archive.org

07-01-2012 - Day 1 videos uploaded to YouTube

01-27-2012 - Created some 'missing' content, fixed a few flaws, and added a write-up for the last task

06-16-2011 - Initial class content upload

If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.

Source: IntroductionToReverseEngineering
