flat assembler
Message board for the users of flat assembler.

Reverse Engineering
ssp
Joined: 05 Mar 2007
Posts: 38
Location: India
Hi all!

Maybe someone in here knows about or has some idea on Reverse Engineering.

That will be of great help.

_________________
From: Sandeep
Post 20 Jun 2007, 05:38
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Engineering something in computers would be making a program from source. So reverse engineering would be turning it back into a source. If compilers convert all code to assembly (or humans manually write assembly code) and all the assembly code is converted to binary, then the reverse engineered code would be called dis-assembly code. If we use a program to assemble it called an assembler, then a program to dis-assemble it would be called a disassembler. Not that you probably couldn't figure that out on your own (I'm sure you can), but I love simplicity and I had to say it.

Anyway, I don't keep any dis-assemblers handy with me aside from OllyDbg. So, either you'll have to google it up or I'll find the Olly link for you. Problem is, there aren't any disassemblers out there that support fasm's format. Usually masm or tasm or something of that sort. So that means you'll have to write a fasm code and dis-assemble it and learn the new format in comparison to the fasm format, which you're used to, before you can dis-assemble other codes. Worse yet, dis-assemblers usually don't use macros in the dis-assembly, and they usually can't differentiate between variables and normal code (just like the processor). OllyDbg can't, but I've noticed it doesn't fail to dis-assemble the code part correctly, but I haven't used it that much.
Post 20 Jun 2007, 05:54
ssp
Joined: 05 Mar 2007
Posts: 38
Location: India
I believe that I need a De-Compiler (I'm Goooogling...).

The tools for De-Compiling should understand the format of the executable formats to be De-Compiled.

Besides, after seeing the output it is hard to deduce the logic of the program.
Post 20 Jun 2007, 06:11
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Quote:
The tools for De-Compiling should understand the format of the executable formats to be De-Compiled.

Good in theory, but with all the programming languages out there it's impossible to get one that would support them all. Worse yet comes the issue that it's impossible for a computer to tell which format the code was compiled in.

Quote:
Besides, after seeing the output it is hard to deduce the logic of the program.

Reverse engineering is notoriously hard. Usually it's more effort to reverse than it is to make.
Post 20 Jun 2007, 09:12
DustWolf
Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
Notoriously hard := fun if you're geeky enough.

Decompilers usually don't work very well, because due to optimization, conditional compiling, etc., it's often impossible to deduce a HLL's code from the compiled code. So the only other way is to disassemble the code and look inside, learn to recognize the structures yourself and such.

Reverse engineering is not an easier route to making one's own program, it is however a great way to learn how something works.

What are you trying to make?
Post 20 Jun 2007, 10:27
HyperVista
Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
ssp - first, get a copy of OllyDbg (free) here. Next you will want to get a copy of IDA Pro. IDA is a little pricey, but you can get an evaluation copy here. I believe you will have to search through the website to find the demo, but it's there somewhere.
These two tools, and those like them (debugger and disassembler), are the foundation of most reverse engineering activities. You may be interested to learn that IDA Pro is now beta testing a decompiler that is integrated with their disassembler. Beta testing is closed for now, but expect it to be included in a future release of their product.
Good luck and have fun.
Post 20 Jun 2007, 11:29
LocoDelAssembly
Joined: 06 May 2005
Posts: 4633
Location: Argentina
Old but freeware version of Ida Pro

http://www.program-transformation.org/ <- Site I just found when looking for Ida Pro that might be interesting
Post 20 Jun 2007, 15:51
ssp
Joined: 05 Mar 2007
Posts: 38
Location: India
DustWolf wrote:
What are you trying to make?

I am not trying to make anything.

I want to Reverse Engineer mostly to achieve the following:
* Try to learn about hard to find driver software.
* Maybe learn from malicious code.
* For trying to run an Evaluation Version of a Software after the trial period is over.
* Besides, maybe it can help me learn about any program that I found useful/clever/obscure, especially when its source is not available.

_________________
From: Sandeep
Post 21 Jun 2007, 02:29
ssp
Joined: 05 Mar 2007
Posts: 38
Location: India
kohlrak wrote:
Good in theory, but with all the programming languages out there it's impossible to get one that would support them all. Worse yet comes the issue that it's impossible for a computer to tell which format the code was compiled in.

A De-Compiler for example should know that it is decompiling a PE .EXE file
and not a pure binary file, this way the De-Compiler will be able to ascertain
which part is code and which is data, and will be able to De-Compile the code
properly.

I believe it will be harder to understand the De-Compiled Perl programs
than for example De-Compiled C programs.

_________________
From: Sandeep
Post 21 Jun 2007, 02:36
ssp
Joined: 05 Mar 2007
Posts: 38
Location: India
Thanks a lot HyperVista and LocoDelAssembly for links.
Post 21 Jun 2007, 02:41
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Quote:
A De-Compiler for example should know that it is decompiling a PE .EXE file and not a pure binary file, this way the De-Compiler will be able to ascertain which part is code and which is data, and will be able to De-Compile the code properly.

A sample of how I code below.

Code:
format PE GUI 4.0
entry main

section '.code' readable writeable executable
var1 dd 0          ; variables placed in the code section, in front of the entry point
var2 dd 0
;=============================
main:
        xor     eax, eax   ; exit code 0
        ret                ; returning from the entry point ends the process


As you can see, I put my variables with my normal code, I just make sure it executes after the variables. Neither a de-compiler nor a disassembler can tell the difference. And that method works fine. It's not "proper etiquette" but "proper etiquette" is not meant to be taken seriously.
Post 21 Jun 2007, 07:04
m
Joined: 28 Dec 2006
Posts: 304
Location: in
But the microprocessor will not be confused by this, and I strongly believe that a good decompiler will handle it cleverly.

A decompiler knowing the format of the executable will know the entry point of the program and may not be confused by the above.
Post 21 Jun 2007, 08:18
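As an added example (not from the thread, and not the code of any disassembler named in it), here is a Python parser for the parts of a PE32 header that the argument above relies on: AddressOfEntryPoint and ImageBase from the optional header, and the section table, which together tell a tool where the first instruction sits in the file and which ranges the file declares as code or data. It also flags any section mapped writable and executable at once, which is what a fasm section declared `readable writeable executable` produces and what a security reviewer would want pointed out. The header bytes are constructed inline and carry no real code; the field offsets follow the PE/COFF layout, and every function name here is my own.

```python
# Added example, not from the forum thread: read the entry point and section
# table of a PE32 image instead of guessing where code starts, map the entry
# point to its section, and flag sections that are writable and executable.
# The image bytes are CONSTRUCTED below (headers only, no section contents).
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_HDR = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return entry RVA, image base and the section table of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                  # optional header follows the COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]  # ImageBase (PE32 layout)
    sections = []
    for k in range(nsections):
        fields = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * k)
        name, vsize, va, rawsize, rawptr = fields[:5]
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize, "chars": fields[9]})
    return {"entry_rva": entry_rva, "image_base": image_base, "sections": sections}


def section_for_rva(info, rva):
    """The section whose virtual range contains rva, or None."""
    for s in info["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def entry_file_offset(info):
    """File offset of the first instruction: where a disassembler should start."""
    s = section_for_rva(info, info["entry_rva"])
    if s is None:
        raise ValueError("entry point lies outside every section")
    return s["rawptr"] + (info["entry_rva"] - s["va"])


def rwx_sections(info):
    """Names of sections the header maps as both writable and executable."""
    both = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [s["name"] for s in info["sections"] if (s["chars"] & both) == both]


def build_sample_pe():
    """CONSTRUCTED PE32 headers: a '.code' section declared readable, writeable
    and executable plus a '.data' section; entry point 8 bytes into '.code'."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)   # i386, 2 sections
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 1, 0, 0x200, 0x200, 0,
                      0x1008,            # AddressOfEntryPoint
                      0x1000, 0x2000,    # BaseOfCode, BaseOfData
                      0x400000,          # ImageBase
                      0x1000, 0x200)     # SectionAlignment, FileAlignment
    opt += b"\0" * (224 - len(opt))      # remaining fields and data directories zeroed

    def sec(name, va, rawptr, chars):
        return struct.pack(SECTION_HDR, name, 0x200, va, 0x200, rawptr, 0, 0, 0, 0, chars)

    code = sec(b".code", 0x1000, 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
               | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    data = sec(b".data", 0x2000, 0x400, IMAGE_SCN_CNT_INITIALIZED_DATA
               | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    return dos + b"PE\0\0" + coff + opt + code + data


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"entry VA 0x{info['image_base'] + info['entry_rva']:08X} "
          f"in {section_for_rva(info, info['entry_rva'])['name']} "
          f"at file offset 0x{entry_file_offset(info):X}")
    print("writable+executable sections:", rwx_sections(info))
```

The flags are whatever the file claims: a packer or a hand-edited header can mark a data section as code or put the entry point outside every section, so these values are where analysis starts, not a guarantee of what will execute.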
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Olly was confused. It displayed my variables section as if it was normal code. =p Clever planning and initializing a variable with 1 byte of a multi-byte opcode just might confuse most decompilers. It's all a matter of whether or not they can identify the entry point.
Post 21 Jun 2007, 09:10
m
Joined: 28 Dec 2006
Posts: 304
Location: in
Sorry but I am still persistent with my feelings. If the microprocessor is not confused by the code and executes it as expected, then in theory it is perfectly reasonable to expect that some decompiler will output correct asm instructions, unlike the microprocessor, which executes them.
Post 21 Jun 2007, 23:22
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Does the microprocessor try to read the program or just throw it into memory and read it one instruction at a time, ignoring what it doesn't execute or modify?
Post 21 Jun 2007, 23:25
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
m: keep in mind that running code can do things that can't really be done at disassembly time. Self-modifying code and "jump to middle of instruction", handling jump tables, etc. are hard to do sensibly in a disassembler.

Decent disassemblers have to be interactive, simply because they can't ever be perfect.

Kohlrak: the CPU has no notion of programs, it only has a stream of instructions... :)
Post 22 Jun 2007, 00:05
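The following is an added example and not code from the thread, OllyDbg or IDA: a small Python decoder for a subset of 32-bit x86 that disassembles one byte image two ways. A linear sweep starts at offset 0 and decodes whatever bytes come next, which is the behaviour kohlrak saw; a recursive descent starts at the entry point the executable format reports and follows only the direct branches it finds, which is why a disassembler that knows the entry point is not thrown off by variables placed in front of main. The byte image, the opcode subset and all function names are my own assumptions: the image is constructed to mirror kohlrak's layout, with var2 holding 0xB8 (the first byte of the five-byte mov eax, imm32) and a dword of data sitting behind a short jump, and any byte outside the subset is printed as db.

```python
# Added example, not from the forum thread or from any tool it mentions:
# a toy decoder for a subset of 32-bit x86 that contrasts a linear sweep
# with a recursive descent starting at the known entry point.
# The byte image at the bottom is CONSTRUCTED to mirror kohlrak's layout.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def modrm_len(code, i):
    """Bytes used by the ModRM byte at code[i] plus any SIB/displacement."""
    mod, rm = code[i] >> 6, code[i] & 7
    if mod == 3:
        return 1
    n = 1 + (4 if mod == 2 else 1 if mod == 1 else 0)             # disp32 / disp8 / none
    if rm == 4:                                                    # SIB byte follows
        n += 1 + (4 if mod == 0 and code[i + 1] & 7 == 5 else 0)  # SIB without base: disp32
    elif mod == 0 and rm == 5:                                     # [disp32]
        n += 4
    return n


def _decode(code, pc):
    op = code[pc]
    if op == 0xC3:
        return "ret", 1, None, False
    if 0x40 <= op <= 0x47:
        return f"inc {REGS32[op - 0x40]}", 1, None, True
    if 0xB8 <= op <= 0xBF:                        # mov r32, imm32 (5 bytes)
        imm = int.from_bytes(code[pc + 1:pc + 5], "little")
        return f"mov {REGS32[op - 0xB8]}, 0x{imm:08X}", 5, None, True
    if op == 0xEB:                                # jmp rel8 (2 bytes)
        rel = int.from_bytes(code[pc + 1:pc + 2], "little", signed=True)
        return f"jmp short 0x{pc + 2 + rel:02X}", 2, pc + 2 + rel, False
    if op in (0x00, 0x31):                        # add r/m8, r8  /  xor r/m32, r32
        mnem, regs = ("add", REGS8) if op == 0x00 else ("xor", REGS32)
        modrm = code[pc + 1]
        reg = regs[(modrm >> 3) & 7]
        dst = regs[modrm & 7] if modrm >> 6 == 3 else f"[{REGS32[modrm & 7]}]"
        return f"{mnem} {dst}, {reg}", 1 + modrm_len(code, pc + 1), None, True
    return f"db 0x{op:02X}", 1, None, True


def decode_one(code, pc):
    """Decode the instruction at pc -> (text, length, branch_target, falls_through).
    Unknown opcodes and instructions truncated by the end of the image come out as db."""
    try:
        text, n, target, falls_through = _decode(code, pc)
        if pc + n <= len(code):
            return text, n, target, falls_through
    except IndexError:
        pass
    return f"db 0x{code[pc]:02X}", 1, None, True


def linear_sweep(code):
    """Decode from offset 0 to the end, trusting nothing about the layout."""
    out, pc = [], 0
    while pc < len(code):
        text, n, _, _ = decode_one(code, pc)
        out.append((pc, text))
        pc += n
    return out


def recursive_descent(code, entry):
    """Decode only what is reachable from entry by following direct branches."""
    out, work = {}, [entry]
    while work:
        pc = work.pop()
        while 0 <= pc < len(code) and pc not in out:
            text, n, target, falls_through = decode_one(code, pc)
            out[pc] = text
            if target is not None:
                work.append(target)
            if not falls_through:
                break
            pc += n
    return sorted(out.items())


# Constructed image (offsets in comments): variables in front of the entry point.
IMAGE = bytes([
    0x00, 0x00, 0x00, 0x00,   # 0x00  var1 dd 0
    0xB8,                     # 0x04  var2 db 0xB8   one byte of the 5-byte "mov eax, imm32"
    0x31, 0xC0,               # 0x05  main: xor eax, eax
    0xEB, 0x04,               # 0x07  jmp short done
    0xEF, 0xBE, 0xAD, 0xDE,   # 0x09  dd 0xDEADBEEF  (inline data)
    0x40,                     # 0x0D  done: inc eax
    0xC3,                     # 0x0E  ret
])
ENTRY = 0x05                  # what the executable's header would report as the entry point

if __name__ == "__main__":
    for title, listing in (("linear sweep from 0", linear_sweep(IMAGE)),
                           ("recursive descent from entry", recursive_descent(IMAGE, ENTRY))):
        print(title)
        for pc, text in listing:
            print(f"  {pc:04X}  {text}")
```

Running the block prints both listings: the sweep reports two add [eax], al, then a bogus mov eax, 0x04EBC031 that swallows the real xor and jmp, then db 0xEF and a mov esi, 0xC340DEAD that swallows inc eax and ret, so neither the entry point nor the ret ever appears; the descent from offset 5 yields exactly the four instructions that execute. The limitation f0dder names still applies to the descent: an indirect jump or a jump-table dispatch gives it no target to follow, which is why real tools let the analyst supply those targets by hand.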
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
Quote:
Decent disassemblers have to be interactive, simply because they can't ever be perfect.

It's a miracle. We agree for the first time in a few days...
Post 22 Jun 2007, 00:21
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
kohlrak wrote:
Quote:
Decent disassemblers have to be interactive, simply because they can't ever be perfect.

It's a miracle. We agree for the first time in a few days...

No disassembler worth its salt is going to be confused by trivial mixing of code and data, though. And Olly isn't a disassembler :)

_________________
carpe noctem
Post 22 Jun 2007, 00:30
kohlrak
Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
f0dder wrote:
kohlrak wrote:
Quote:
Decent disassemblers have to be interactive, simply because they can't ever be perfect.

It's a miracle. We agree for the first time in a few days...

No disassembler worth its salt is going to be confused by trivial mixing of code and data, though.

Have one you want to put to the test? =p

Quote:
And Olly isn't a disassembler :)

I'm aware, but it has one on board.
Post 22 Jun 2007, 00:45
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
DataRescue IDA Pro... it's the best thing out there that I know of. But yeah, it does cost. There's some free/demo version available on simtel though (two versions, iirc the older version is less restricted but of course not updated like the newer version).
Post 22 Jun 2007, 00:48
Copyright © 1999-2020, Tomasz Grysztar.
