
Learning Reverse Engineering

michael posted more than 11 years ago | from the click-and-drag dept.

Programming 211

TheBoostedBrain writes "Mike Perry and Nasko Oskov have written a very complete article about reverse engineering. It provides an introduction to reverse engineering software under both Linux and Windows."


fp (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6379276)

hahah u are gay 20721 owns u

Re:fp (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6379463)

It's interesting, the emotional response in someone who is told that they're wrong by a less than respected demographic. Both living with an induced emotion created by another who wears the guise of friendship. Preying upon and profiting off of division until such a gulf has been created both sides won't dare to breach even with the acknowledged mischief.

Yet always by nature or intent, balance is maintained.

BTW, this employment "do you want fries with that sir" scam, was created and encouraged under the clinton administration. The liberal 24 hrs campaigning system is running into over drive, I guess they've decided it's time to stop selling penis and breast enlargement and generally making me feel like a big bag of shit (which of course, isn't my fault) and blame it on another.

Colleges that earn on a sliding value of placement of their students. A guarantee if it were.

Fud factor number nine.

First post (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6379278)

I had sex with your little daughter too.

Re:First post (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6379478)

lesbo

Mirror (2, Informative)

seanadams.com (463190) | more than 11 years ago | (#6379281)


Mirror here, just in case [slimdevices.com] .

What would we do without wget --recursive?

Re:Mirror (5, Funny)

SweetAndSourJesus (555410) | more than 11 years ago | (#6379316)

What would we do without wget --recursive?

We would use wget -r.

GNU-style flags are annoying to us lazy folk :P

Fuck yes (0)

Anonymous Coward | more than 11 years ago | (#6379560)

  • -h: 2 chars
  • --help: 6 chars
That's three times as many keystrokes. What's worse is when a program doesn't use -h for anything. Yet another reason to hate the GNU.

Re:Mirror (0)

Anonymous Coward | more than 11 years ago | (#6379344)

Thoughtful, but I think the University of Illinois is up to the task.

Re:Mirror (2, Informative)

Anonymous Coward | more than 11 years ago | (#6379364)

Here's another one [nada.kth.se] . Please use it - I want to see the Slashdot effect in action.

Re:Mirror (1)

now3djp (621650) | more than 11 years ago | (#6379394)

Well, it has already changed

http://www.slimdevices.com/temp/reveng/www.acm.uiuc.edu/sigmil/RevEng/

Compared to the original, it seems just the structure has been modified.

JG

Re:Mirror (0)

Anonymous Coward | more than 11 years ago | (#6379402)

FYI: Your mirror is already out-of-date. Note the original page notes it's constantly being updated, and it has.

Re:Mirror (0)

Anonymous Coward | more than 11 years ago | (#6379475)

butta bib

a bib made vbutter it's delicioyus

evergreen! don 't grope awolfd raider.

What happens when the original 404s? (5, Funny)

kilogram (520192) | more than 11 years ago | (#6379406)

This [uiuc.edu] . One of the funnier 404 messages I've seen. Take a look at the source for the page so you won't have to wait for the slow version of the text. :)

Re:What happens when the original 404s? (0)

Anonymous Coward | more than 11 years ago | (#6379513)

Yea, it is a quite nice error message but actually rather old already. I have seen it in various languages for many years now.

Re:What happens when the original 404s? (1)

deadsaijinx* (637410) | more than 11 years ago | (#6379540)

god, worse than my ex with all her bitching

Re:What happens when the original 404s? (0)

spudchucker (680073) | more than 11 years ago | (#6379740)

New to the web?

Re:What happens when the original 404s? (2, Funny)

RestiffBard (110729) | more than 11 years ago | (#6379775)

hilarious. now we're trying to slashdot 404s?

Fravia (0)

Anonymous Coward | more than 11 years ago | (#6379421)

has been doing all this for years:

http://fravia.anticrack.de/

Re:Mirror (1)

corran__horn (178058) | more than 11 years ago | (#6379825)

I don't think it will be necessary (unless 100MB isn't enough :P )

As a sidenote: congrats to Perry and Nasko!

Betting pool anyone? (3, Insightful)

Surak (18578) | more than 11 years ago | (#6379282)

How long before this site is taken down for DMCA violations?

Re:Betting pool anyone? (1)

Raven42rac (448205) | more than 11 years ago | (#6379290)

How will they be able to gather evidence after it gets /.ed??

Re:Betting pool anyone? (5, Funny)

phalse phace (454635) | more than 11 years ago | (#6379307)

... taken down for DMCA violations?

No need to. We'll take care of it just fine.

Re:Betting pool anyone? (1)

netdemonboberb (314045) | more than 11 years ago | (#6379327)

That's why I'm using my beautiful wget before this is lost forever.

Re:Betting pool anyone? (1)

deadsaijinx* (637410) | more than 11 years ago | (#6379552)

yeah, cept your wget eats up bandwidth on stuff you might never need, only further harming their server

Re:Betting pool anyone? (0)

Anonymous Coward | more than 11 years ago | (#6379339)

How long before this site is taken down for DMCA violations?

When authors of "risky" sites like this have dissemination of information as their true goal, they should make the entire site downloadable as a .zip file to be certain that even if the Black Helicopters fire a missile at the server, the information never dies.

DMCA i.r.t. Reverse Engineering (5, Informative)

heli0 (659560) | more than 11 years ago | (#6379366)

`(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.

`(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

`(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.

`(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.


DMCA [eff.org]

Re:DMCA i.r.t. Reverse Engineering (2, Insightful)

Surak (18578) | more than 11 years ago | (#6379423)

The letter of the law means nothing when Microsoft/SCO/**AA/All that is evil in the world/etc. sics a team of lawyers on the poor unsuspecting guy who posted it. It's not what the law is, it's how much money you can spend on lawyers. Haven't you figured that out yet?

Re:DMCA i.r.t. Reverse Engineering (1)

yaphadam097 (670358) | more than 11 years ago | (#6379856)

Interesting that this doesn't include a provision for circumventing protection for the purpose of black box testing. It seems to me that one of the most practical uses of reverse engineering in industry is to verify that the software does what you need it to do reliably and predictably. Such a legitimate use of reverse engineering is good for the supplier, the customer, and the end user, because it ensures the efficacy of the product for a particular use. For the end user, this ensures that the product performs as advertised. In some cases safety might even be at stake. For the corporate user, risk is significantly reduced when you buy a product knowing that it will do what you need it to. For the original author, the loss of revenue due to piracy is probably less of a risk than the litigation that arises from selling a product that doesn't do what it says it does.

Re:Betting pool anyone? (0)

Anonymous Coward | more than 11 years ago | (#6379383)

Well little buddy, since you paid for this slashcrap you feel it's your god given right to post some witty comment regarding a bunch of stuff (DMCA, SCO, Caldera, Goatse and so on?)

Re:Betting pool anyone? (2, Funny)

__past__ (542467) | more than 11 years ago | (#6379410)

DMCA? They have weapons of mass decompilation, dammit!

Re:Betting pool anyone? (1)

Surak (18578) | more than 11 years ago | (#6379435)

DMCA? They have weapons of mass decompilation, dammit!

So you're expecting a few bunker busters courtesy of G. W. Bush in their server room anytime now? ;)

Reverse Engineered (1, Funny)

yintercept (517362) | more than 11 years ago | (#6379460)

Undoubtedly, someone will have a copyright/patent on reverse engineering methodologies.

So, I would suspect the site will have to be taken down if it is just a copy of the copyrighted reverse engineering process. However, if it was properly reverse engineered, then it would not be considered a copy...or, uh, something like that.

Re:Betting pool anyone? (0)

Anonymous Coward | more than 11 years ago | (#6379575)

Answer : Never.

No-one cares about this little site in the middle of no-where that gets 2 seconds of fame and glory. it means nothing, it is no threat and they really don't care about Joe Blogg's site about reverse engineering ...

Besides, you'd actually have to know what reverse engineering is to be able to perceive it as a threat ...

1st post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6379286)

did i win?

fp (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6379287)

powermac g5 forever!!!!!!!!!

This is another one... (1)

inode_buddha (576844) | more than 11 years ago | (#6379288)

that's about to gain a permanent spot in my book collection. 'Nuff said.

Re:This is another one... (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6379305)

stupid buddhist faggot

Re:This is another one... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6379334)

stupid fundie pedophile.

That'll come in handy (2, Funny)

SHEENmaster (581283) | more than 11 years ago | (#6379422)

When the Thought Police arrest you so that the MPAA can sue you for intent to possibly defraud, larceny of imaginary profits, and programming without a liquor license.

There's only one way... (-1)

floydigus (415917) | more than 11 years ago | (#6379289)

...but you have to work it out for yourself from first principles ;)

Reverse Engineering is Good, Here Is Why (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6379302)

Why Nazis preferred emaciated Jews

The reasons were efficiency and economic. We worked the Jewish males to get every bit of energy we could get from them and gave them a minimal caloric daily intake. We achieved getting energy, as expressed in caloric depletion, through manual labor which expended more calories from Jews than what they took in which resulted in emaciation. Emaciated Jews are preferred because it takes much less calories of heat value to cremate them than it does to cremate Jews who have become oversized parasites bleeding the Fatherland dry like ticks do to a canine. A male Jew was worth more dead than alive. We would cremate the Jewish males after we got all we could from them and by the time they were sufficiently skeletonized they were ready for the ovens. Emaciation does not reduce bone mass by that much and it is the bone ash which we wanted. Many hundreds of tons of ash were used to pave roads and used for building material. Bone ash makes good stucco and many fine German homes built in the traditional German style with exposed exterior beams used crema-ash as the stuccoish filler between the exterior beams.

Nazis preferred the Jewish women to not be skeletonized or emaciated. The female Jews were selected on the basis of their skin textures and their ability to retain body fat. Selected female Jews were skinned to make many leather like goods such as lamp shades, belts, shoes, and pholstery. Jew hide was very prized by the wealthier Germans. Female Jews were the only source of leathery goods because the Jewish males did not have the fine supple skin texture of the Jewish females. Another reason why Jewish females
were not skeletonized was we wanted to harvest their fat globules. Females store fat much better than males and hips, buttocks, and thighs are prime harvest areas on a Jewish female corpse. The fat is gathered after the corpse is skinned and then graded and refined. Numerous products can be made from the fat deposits such as candles, soap, lubricants, pharmaceuticals and a plethora of other uses this document hasn't room to describe.

For those people who think Jews are without any intrinsic value they should consider the applications and uses above and don't forget their hair and teeth have many uses as well. Jews are worth more dead than alive. They are sources of many raw materials which benefitted the Fatherland.

Until next time.

Re:Reverse Engineering is Good, Here Is Why (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6379319)

Interesting article. I find that Jews that are alive have this nasty habit of taking my money, so certainly I'd agree that the "ROI" of a dead jew is significantly higher than of a living one.

whatabout truss/strace/ktrace? (5, Informative)

multipartmixed (163409) | more than 11 years ago | (#6379314)

I can't believe they left out truss/strace/ktrace. Even without debugging symbols, these utilities can tell you what system calls are being called, when they are called, and what arguments are being passed.

truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.

Re:whatabout truss/strace/ktrace? (2, Informative)

Burnon (19653) | more than 11 years ago | (#6379333)

It's there:

http://www.acm.uiuc.edu/sigmil/RevEng/x288.htm#behavior_system_calls

No it's not -- that's just a TOC entry (4, Interesting)

multipartmixed (163409) | more than 11 years ago | (#6379439)

But now I know why, due to the authors' comments. Thanks for the pointer to the TOC entry though, don't know how I missed that.

For the readership out there, I'm sure those will be covered in the future; in the meantime, read your strace/ktrace/truss man pages. Run them on the application you're trying to RE before doing *anything* else. Sometimes, those dumps can provide *amazing* insight into the behaviour and structure of the program (particularly if you're good with 'grep'), especially if you're trussing and using the program interactively.
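As an added example (not part of the book, and not this poster's code), here is a small Python script that does the grep step above on a saved strace log: it parses each line into syscall name, arguments, return value and errno, then pulls out what a reverser looks for first, which paths the program touched (and which attempts failed), where it connected, and which calls failed with what error. The trace lines embedded in it are constructed to look like `strace -f -o trace.log ./target` output, not a real capture; pass a real log file as the first argument to run it on one.

```python
import re
import sys
from collections import Counter, defaultdict

# One strace(1) output line:  [pid N] HH:MM:SS name(args) = ret [ERRNO (text)]
# The pid prefix (-f) and the timestamp (-t/-tt) are optional.
_LINE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'          # strace -f prefix
    r'(?:\d{2}:\d{2}:\d{2}(?:\.\d+)?\s+)?'    # strace -t / -tt timestamp
    r'(?P<name>[a-z_][a-z0-9_]*)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>-?\d+|0x[0-9a-fA-F]+|\?)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<errtext>[^)]*)\))?\s*$'
)
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')          # first C-escaped string argument
_SIN_ADDR = re.compile(r'sin_addr=inet_addr\("([^"]+)"\)')
_SIN_PORT = re.compile(r'sin_port=htons\((\d+)\)')

# Syscalls whose first quoted argument is a path worth recording.
_PATH_CALLS = {'open', 'openat', 'stat', 'lstat', 'access', 'execve', 'readlink', 'unlink'}

# Constructed sample in the shape of `strace -f -o trace.log ./target` output (not a real capture).
SAMPLE_TRACE = [
    '1234 execve("./target", ["./target"], [/* 20 vars */]) = 0',
    '1234 open("/etc/ld.so.cache", O_RDONLY) = 3',
    '1234 read(3, "\\177ELF\\2\\1\\1\\0"..., 832) = 832',
    '1234 open("/home/user/.target/license.key", O_RDONLY) = -1 ENOENT (No such file or directory)',
    '1234 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 5',
    '1234 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 6',
    '1234 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0',
    '1234 write(6, "GET /check HTTP/1.0\\r\\n\\r\\n", 23) = 23',
    '[pid 1235] clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1236',
    '1234 +++ exited with 1 +++',
]


def parse_strace_line(line):
    """Return a dict (name, args, ret, errno, errtext), or None for lines that are not
    a completed syscall ('+++ exited with 0 +++', '<unfinished ...>' fragments, signals)."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    ret = rec['ret']
    rec['ret'] = None if ret == '?' else int(ret, 16 if ret.lower().startswith('0x') else 10)
    return rec


def summarize(lines):
    """Pull out what a reverser greps for first: paths touched (and whether the attempt
    failed), network endpoints, per-syscall counts, and failures grouped by errno."""
    paths, endpoints = {}, []
    calls, failures = Counter(), defaultdict(list)
    for line in lines:
        rec = parse_strace_line(line)
        if rec is None:
            continue
        name = rec['name']
        calls[name] += 1
        if name in _PATH_CALLS:
            q = _QUOTED.search(rec['args'])
            if q:
                paths[q.group(1)] = rec['errno'] or 'ok'
        elif name == 'connect':
            ip, port = _SIN_ADDR.search(rec['args']), _SIN_PORT.search(rec['args'])
            if ip and port:
                endpoints.append((ip.group(1), int(port.group(1))))
        if rec['errno']:
            failures[rec['errno']].append(name)
    return {'paths': paths, 'endpoints': endpoints,
            'calls': dict(calls), 'failures': dict(failures)}


if __name__ == '__main__':
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_TRACE
    s = summarize(lines)
    print('paths:')
    for path, status in s['paths'].items():
        print('  %-40s %s' % (path, status))
    print('endpoints:', s['endpoints'])
    print('failures:', s['failures'])
    print('calls:', sorted(s['calls'].items(), key=lambda kv: -kv[1]))
```

The failed `open` of a license file next to an outbound `connect` on port 443 is exactly the kind of thing that tells you where to set the first breakpoint, before you have read a single line of disassembly.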

RTFA?? (0)

Anonymous Coward | more than 11 years ago | (#6379375)

http://www.acm.uiuc.edu/sigmil/RevEng/x288.htm#behavior_system_calls

Re:whatabout truss/strace/ktrace? (0)

Anonymous Coward | more than 11 years ago | (#6379397)

truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.

and for windows?

Re:whatabout truss/strace/ktrace? (1)

QuMa (19440) | more than 11 years ago | (#6379471)

Not sure about BSD, but linux has ltrace which monitors all dynamic library calls. A real lifesaver in many situations.

Thanks for the pointer! (1)

multipartmixed (163409) | more than 11 years ago | (#6379554)

I didn't know about ltrace -- my RH 5.2 box doesn't have it. Hmm. I may have to upgrade, but I've been reticent to touch that (non-net-facing) box because as I understand it, most distros have dropped the UDB (Multia) support from their kernels/bootloaders.

I suppose I could go the upgrade route, but that'd mean a new kernel, which needs a new gcc, which needs a new glibc *argh*

Maybe I'll just dig up ltrace.c and see if it'll go. ;)

Re:whatabout truss/strace/ktrace? (5, Informative)

MrDelSarto (95771) | more than 11 years ago | (#6379585)

ltrace [debian.org] will allow you to peek into what libraries are being called on Linux.

really dumb question... (2, Interesting)

Anonymous Coward | more than 11 years ago | (#6379320)

do the authors of the book linked have the text available as a single PS or PDF file?

Good info (2, Insightful)

melete (640855) | more than 11 years ago | (#6379323)

I'm not sure that their claim that anyone who's read a "How to Learn [C|C++|Java|*] in nn Days" should be able to follow the article is correct, but it's a good intro nonetheless. The section on binary formats (ELF, etc.) is particularly useful.

Will This Let Me... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6379332)

... run 3D Studio Max without the little hardware dongle?

Re:Will This Let Me... (0, Offtopic)

deadsaijinx* (637410) | more than 11 years ago | (#6379558)

uhhhh, since there are already software cracks for that....

incomplete (0)

Anonymous Coward | more than 11 years ago | (#6379345)

the "very complete article" for reverse engineering software is pretty incomplete... chapters 10 and onward are not finished, the good stuff like buffer and stack overflows are not written, but just has the table of contents headings.

Re:incomplete (1)

Karamchand (607798) | more than 11 years ago | (#6379521)

At least the table of contents is completely finished already!

Oh come on, it's easy (5, Funny)

BabyDave (575083) | more than 11 years ago | (#6379358)

mimosa: ~ $ echo 'engineering' | rev
gnireenigne

What more do you need to know?

Re:Oh come on, it's easy (5, Funny)

kurosawdust (654754) | more than 11 years ago | (#6379416)

What more do you need to know?

How to make it stop, that's what!

bash-2.05a$ rev
moo
oom
exit
tixe
quit
tiuq
Ctrl-D
D-lrtC

OK now it's just being a smartass.

Re:Oh come on, it's easy (1)

blogan (84463) | more than 11 years ago | (#6379618)

Only use palindromes, then you won't care if it stops.

Re:Oh come on, it's easy (1)

Jester99 (23135) | more than 11 years ago | (#6379778)

Wouldn't that be:


^D
D^


? :)

SoftICE (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6379374)

What? No SoftICE? Felony!

README: From the Authors (5, Informative)

mikepery (131050) | more than 11 years ago | (#6379398)

Well this was most unexpected. We still have a lot of work to do on this book, and are still in the process of looking for a publisher. In fact, both Nasko and I were working on the book as this was posted (quite a shock!). We're still putting together screenshots, describing debugging utilities, etc.

In fact, the book looks more complete than it actually is. Most of the chapters are basically just an outline that we've been filling in as we go along.

Keep checking the book periodically for more updates, as again, this is a work in progress. If you notice any omissions, or have any contributions, we would be glad to take them.

Thanks,

Nasko Oskov & Mike Perry

Re:README: From the Authors (1)

NightWulf (672561) | more than 11 years ago | (#6379427)

Wow, took a second glance at your username, looked like 'mikeperv' for a minute. Was thinking, what kind of books do you guys write with a username like that!

Re:README: From the Authors (1)

loadquo (659316) | more than 11 years ago | (#6379429)

Post an article to Slashdot when you feel finished. And a tar.gz of the HTML files would be nice.

Re:README: From the Authors (-1, Troll)

deadsaijinx* (637410) | more than 11 years ago | (#6379584)

fag, no one would use tar.gz unless it was strictly a linux audience. people use standards like .zip and .rar ...

Re:README: From the Authors (3, Insightful)

Dunkalis (566394) | more than 11 years ago | (#6379748)

Nobody should use RAR. WinZip opens tarballs properly. Every OS on earth has the ability to open tarballs, and they are better. gzip has better compression, you never get the weird problems you get with unzip, etc. So be intelligent and think before you call something like RAR a standard. Zip works fine, but if you're aiming for 100% cross-platform, tarballs are king. PS: Tarballs are used on every Unix and Unix clone OS in existence, not just Linux.

Re:README: From the Authors (-1, Troll)

deadsaijinx* (637410) | more than 11 years ago | (#6379926)

shut up chris

Once you find a publisher (1)

multipartmixed (163409) | more than 11 years ago | (#6379563)

Let me know, and I'll find you some purchasers.

Good work so far, my other comment notwithstanding.

Wow, that is a long article...any ideas for POS? (5, Interesting)

skogs (628589) | more than 11 years ago | (#6379414)

Kudos go out to the guy that found this and submitted it. Hopefully you knew the guys involved, and didn't just accidentally find this information while searching the internet for self worth.

Very Good article, and I admit that I did not understand all of it, nor did I read all of it. However I did forward it along to a couple of friends who do not regularly /.

Here is a reverse engineering feat for you all...POS(Point of Sale) terminal equipment. Specifically to replace NSC(National Systems Corporation) and similar diamond touch gear. If you can reverse engineer a system for taking customer's orders(think pizza/food), showing it on multiple screens around the store, and keeping track of inventory, sales numbers and statistics, customer tracking and history...wow you would be great. Nobody wants to spend $15-30,000 for a new POS system. Nobody.

Biggest problem is that these small operators spend that much money on the system, that they are obligated and forced into using it for 10+ years, well after the hardware(monitors/keyboards) wear out. Then get stuck purchasing proprietary stuff at the same cost it was at the original purchase price...several hundred dollars for a custom keyboard...get real.

Somebody please show me where there is a project to reverse engineer this with an X window under RedHat/Slack. Even terminal would be fine. The current system runs text only...over 1 pair of copper in a phone plug(rj11).

Re:Wow, that is a long article...any ideas for POS (1)

silas_moeckel (234313) | more than 11 years ago | (#6379467)

Let me guess, and release it all open source? You have the big problem that people with programming experience don't have a burning need for POS software. Granted there are quite a few vendors out there that would love it for the support contract. But you're seeing one of the flaws of open source: you have to find an interested group of programmers to write one for free, generally.

Re:Wow, that is a long article...any ideas for POS (1)

ratfynk (456467) | more than 11 years ago | (#6379516)

"Here is a reverse engineering feat for you all...POS(Point of Sale) terminal ........" You would be inviting an attack by the legal representation of mad squirrels! Squirrels are very territorial little creatures. http://www.squirrelsystems.com/press/pr/Mar0502.html

Also has a nice 404 :) (3, Interesting)

arcanumas (646807) | more than 11 years ago | (#6379430)

The part i had time to read before the *you know what* was really good. But there is something else. This server probably has the best 404 page i have seen. Some people spend some time to make a really nice 404 page?
Ooo.. now i see. it's ".edu"
:)

Great, but inflammatory? (0)

Anonymous Coward | more than 11 years ago | (#6379434)

"And we don't know about you, but to us, software that we don't have source code to just pisses us off. So we figure: screw it, lets do some damage. :)"

"maybe you want to monitor all data before a program encrypts it and sends it across the network, or maybe you just want to cheat at your favorite multiplayer networked game."

I can't wait until some DMCA-junkie and/or [RI|MP]AA member takes that out of context. Then it will be shutdown time!

MOD PARENT sonofabitch (0)

Anonymous Coward | more than 11 years ago | (#6379488)

he deos fargottry thngs

Learn from the masters. (5, Interesting)

JohnwheeleR (662355) | more than 11 years ago | (#6379436)

For an excellent source of reverse engineering material, you really should check out the old Fravia pages [anticrack.de] . This is the original stuff right here.

Along with reversing tutorials and materials, there is a rich history behind this stuff. A man named +ORC published a tutorial on how to reverse engineer a Windows program called pooldemo.exe. From this text, an era was born. The Fravia website was created and was home to the +HCU. Many people sought after the true identity of +ORC, and he left a strainer (riddle) behind that would take you to a URL where he would be unmasked supposedly. Just look up "ORC riddle" on google for details. Neat stuff!

Very useful... (2, Interesting)

Realistic_Dragon (655151) | more than 11 years ago | (#6379447)

Given some of the code I get to deal with (19(7/8)0s vintage C, much of which is older than I am) it's probably easier to reverse engineer the binary and look at it there...

A rude poem inspired by the headline (0)

Anonymous Coward | more than 11 years ago | (#6379453)

Learning Reverse Engineering

Pondering, peering /
recollections of fearing /
yearning for perverse queering /
having difficulty steering

Thank you.

errr... (0)

Anonymous Coward | more than 11 years ago | (#6379458)

that's just engineering in reverse...right...stop loooking at me like that!!

Play "Black Box" for a while. (3, Interesting)

Speare (84249) | more than 11 years ago | (#6379462)

There was a slick plastic game called Black Box back when thinking games like Mastermind were raking in the dough. There are Java and PalmOS varieties of the game. It's a nice three-minute game to while away a bus stop wait, and it helps you get in the mindset of what reverse engineering really means.

The inside of the Black Box is an 8x8 square. There are 8 ports on each side of the square. One player sets some marbles inside the covered square, and the other player tries to deduce their locations by the behavior of "rays" entering and exiting the box ports. Some rays go all the way through, some reflect off the balls inside, and some glance off the balls and go out some other side of the box.

"Very Complete"? (0)

Anonymous Coward | more than 11 years ago | (#6379464)

I don't know a lot about reverse engineering, but it looks like a lot of the chapters are just placeholders (no content).

For instance, a chapter on buffer overflows and stuff (which is of academic interest to me) is completely empty.

This doesn't constitute "very complete" to me.

Complete? My ass! (2, Funny)

christoofar (451967) | more than 11 years ago | (#6379474)

Only two sections are complete.

When will I be able to get this in paperback so I can read it while I'm sittin' on the can?

This book falls short (4, Informative)

JohnwheeleR (662355) | more than 11 years ago | (#6379480)

This book is pretty weak. I skimmed through it and nowhere did I see win32dasm dead listings or hands-on reversing. It seems like it just tries to explain different Windows and Unix tools people might use for reversing. Comments like this certainly should have been left out: "If you don't know assembly language, at the end of this book you will literally know it inside-out." I mean, gimme a break. In less than a hundred pages of text, no one is going to learn x86 asm "inside-out." Chapter 9, which many people would be interested in, is incomplete. I wouldn't waste my time. Go search for "fravia pages reverse engineering" on Google. That material took years to put together.

Immature (5, Insightful)

mslinux (570958) | more than 11 years ago | (#6379511)

Quote from the introduction of the book:

"We don't know about you, but to us, software that we don't have source code to just pisses us off. So we figure: screw it, lets do some damage. :)"

Cheap comments like this really degrade this book.

Re:Immature (0)

Anonymous Coward | more than 11 years ago | (#6379588)

If you say so... /me rolls his eyes

Reserve Engineering is Illegal (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#6379517)

in the United States of America: You are forbidden to explore how something works. You can however suppose it was made by aliens, CIA, god or some other force. You have the right to try to be happy, and to remain silent.

vmware (0)

Anonymous Coward | more than 11 years ago | (#6379518)

they mention how vmware uses corrupted elf headers to hide their precious secrets. maybe they should have put as much thought into debugging and the user interface 'cause virtual pc is wayyyy better (probably why ms bought virtual pc)

wow (0)

Anonymous Coward | more than 11 years ago | (#6379542)

what a useless 'tutorial'

what ever happened to the old days where people
had to learn this stuff on their own?

Everything You Need (0)

Anonymous Coward | more than 11 years ago | (#6379550)

To make reverse-engineering as hard as possible :)

IP : encrypt everything at the application level
FS : Use one big raw file to store as much as you can, preferably at the bit resolution
DBG: Never forget to remove debug info ...

Nice :)

Re:Everything You Need (0, Flamebait)

JohnwheeleR (662355) | more than 11 years ago | (#6379557)

Shut up

siht si ts agnir??? I don't think so! (0)

Anonymous Coward | more than 11 years ago | (#6379595)

According to this book, strings are stored differently on big-endian versus little-endian architectures, so "this is a string" on a Solaris machine becomes "siht si ts agnir" on a Linux/x86 machine.

This is complete nonsense. Endianness only affects multi-byte data types: shorts, longs, floats, etc. The order of chars in a string does not change.
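An added example to make the endianness point concrete, written for this page rather than taken from the book or from this poster: a minimal ELF header reader in Python. It decides byte order from `e_ident[EI_DATA]` and then unpacks the multi-byte header fields with `struct` in that order; the 4-byte magic `\x7fELF`, like any string, sits at the same offsets with the same bytes in both the little-endian and the big-endian sample, while the bytes of `e_entry` are reversed between them. It also sanity-checks the fields the kernel loader never reads but disassemblers trust (`e_shoff`, `e_shnum`, `e_shstrndx`), which is where the "corrupted ELF headers" trick mentioned elsewhere in this thread bites. The three headers it parses are constructed inside the script, not taken from real binaries; give it a file path to run it on a real one.

```python
import struct

ELF_MAGIC = b'\x7fELF'
E_TYPE = {1: 'REL', 2: 'EXEC', 3: 'DYN', 4: 'CORE'}
E_MACHINE = {0x02: 'SPARC', 0x03: 'x86', 0x14: 'PowerPC', 0x28: 'ARM', 0x3e: 'x86-64', 0xb7: 'AArch64'}
_FIELDS = ('e_type', 'e_machine', 'e_version', 'e_entry', 'e_phoff', 'e_shoff', 'e_flags',
           'e_ehsize', 'e_phentsize', 'e_phnum', 'e_shentsize', 'e_shnum', 'e_shstrndx')
# Layout of everything after the 16-byte e_ident, keyed by EI_CLASS:
# (struct format without byte-order prefix, e_ehsize, e_phentsize, e_shentsize)
_LAYOUT = {1: ('HHIIIIIHHHHHH', 52, 32, 40), 2: ('HHIQQQIHHHHHH', 64, 56, 64)}


def parse_elf_header(data, file_size=None):
    """Parse an ELF32/ELF64 header from the first bytes of a file.
    Returns (fields, warnings); raises ValueError if it cannot be an ELF header."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError('no ELF magic: the 4-byte signature reads the same on any endianness')
    ei_class, ei_data = data[4], data[5]
    if ei_class not in _LAYOUT:
        raise ValueError('bad EI_CLASS %d' % ei_class)
    if ei_data not in (1, 2):
        raise ValueError('bad EI_DATA %d' % ei_data)
    fmt, ehsize, phentsize, shentsize = _LAYOUT[ei_class]
    order = '<' if ei_data == 1 else '>'          # only multi-byte fields are affected
    if len(data) < ehsize:
        raise ValueError('truncated header')
    h = dict(zip(_FIELDS, struct.unpack(order + fmt, data[16:ehsize])))
    h['bits'] = 32 if ei_class == 1 else 64
    h['endian'] = 'little' if ei_data == 1 else 'big'
    h['type'] = E_TYPE.get(h['e_type'], '?')
    h['machine'] = E_MACHINE.get(h['e_machine'], hex(h['e_machine']))

    # Checks on fields the loader ignores but readelf/objdump/gdb rely on.
    size = len(data) if file_size is None else file_size
    warnings = []
    if h['e_ehsize'] != ehsize:
        warnings.append('e_ehsize %d, expected %d' % (h['e_ehsize'], ehsize))
    if h['e_version'] != 1:
        warnings.append('e_version %d, expected 1' % h['e_version'])
    if h['e_phnum'] and h['e_phentsize'] != phentsize:
        warnings.append('e_phentsize %d, expected %d' % (h['e_phentsize'], phentsize))
    if h['e_shnum']:
        if h['e_shentsize'] != shentsize:
            warnings.append('e_shentsize %d, expected %d' % (h['e_shentsize'], shentsize))
        if h['e_shstrndx'] >= h['e_shnum']:
            warnings.append('e_shstrndx %d out of range' % h['e_shstrndx'])
        if h['e_shoff'] + h['e_shnum'] * h['e_shentsize'] > size:
            warnings.append('section header table runs past end of file (%d bytes)' % size)
    return h, warnings


def build_elf_header(bits, endian, e_type, e_machine, e_entry, e_shoff=0, e_shnum=0, e_shstrndx=0):
    """Constructed sample header for this example (no program or section tables follow it)."""
    fmt, ehsize, phentsize, shentsize = _LAYOUT[2 if bits == 64 else 1]
    order = '<' if endian == 'little' else '>'
    e_ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1 if endian == 'little' else 2, 1]) + b'\x00' * 9
    return e_ident + struct.pack(order + fmt, e_type, e_machine, 1, e_entry, ehsize, e_shoff, 0,
                                 ehsize, phentsize, 0, shentsize, e_shnum, e_shstrndx)


SAMPLE_X86_64 = build_elf_header(64, 'little', 2, 0x3e, 0x401000)
SAMPLE_SPARC32 = build_elf_header(32, 'big', 2, 0x02, 0x10074)
# e_shoff/e_shnum point far past the end of the file: the loader does not care, tools that trust them do.
SAMPLE_CORRUPT = build_elf_header(64, 'little', 3, 0x3e, 0x1040, e_shoff=0xffffffff, e_shnum=30)


if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], 'rb') as f:
            samples = [(sys.argv[1], f.read())]
    else:
        samples = [('x86-64', SAMPLE_X86_64), ('sparc32', SAMPLE_SPARC32), ('corrupt', SAMPLE_CORRUPT)]
    for label, blob in samples:
        h, w = parse_elf_header(blob)
        print('%-8s %-4s %d-bit %s-endian %-8s entry=%#x  e_entry bytes=%s' % (
            label, h['type'], h['bits'], h['endian'], h['machine'], h['e_entry'],
            blob[24:24 + h['bits'] // 8].hex()))
        for msg in w:
            print('         warning:', msg)
```

Running it without arguments prints the two clean samples with their `e_entry` bytes in opposite orders, and the corrupt one with a warning instead of a crash; that last behaviour is what you want from any RE tool, since a deliberately bogus section header table is an anti-disassembly trick and not a reason to stop analysing.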

Re:siht si ts agnir??? I don't think so! (0)

Anonymous Coward | more than 11 years ago | (#6379683)

"siht si ts agnir?"

this is st ringa?

What bizarre language are you speaking, man?

Re:siht si ts agnir??? I don't think so! (0, Offtopic)

unitron (5733) | more than 11 years ago | (#6379895)

Your confusion is quite understandable as ringa was only recently canonized.

reverse engineer data formats!!! (1)

gTsiros (205624) | more than 11 years ago | (#6379671)

I need help reverse engineering "si3" files.

It's the format used on siemens cellphones to play midi (subtypes 0,1)! Siemens says it is closed...

When you transfer a .mid to the cellphone, first time you play it, it gets converted to .si3

not too good. (0)

Anonymous Coward | more than 11 years ago | (#6379674)

This is far from a "a very complete article about reverse engineering."

Ollydbg (4, Informative)

httptech (5553) | more than 11 years ago | (#6379698)

Hadn't seen this mentioned in the book or in any comments so far: If you are wanting to get started reverse-engineering on Windows, you don't need to shell out big bucks (or pirate) softice unless you plan to do hard-core driver/kernel debugging. Seriously, check out Ollydbg [t-online.de] It's freeware AND it kicks ass. I'm using it to do almost all my reverse engineering now.

Here are a couple of beginner-level articles I've written on reverse-engineering malicious code:

Reverse Engineering Hostile Code [lurhq.com]

Alien Autopsy: Reverse Engineering Win32 Trojans on Linux [lurhq.com]

Re:Ollydbg (1)

Anonymous Coward | more than 11 years ago | (#6379887)

Windbg by microsoft is just as free. It comes standalone or in the driver sdk. It's a better debugger than visual studio imo.

Code Reading - The Open Source Perspective (4, Informative)

MavEtJu (241979) | more than 11 years ago | (#6379730)

Recently I came by this book: Code Reading - The Open Source Perspective [spinellis.gr] , which has the same idea except for when you have the source of a program and not only a binary.

Why ? (0, Flamebait)

Vanieter (613996) | more than 11 years ago | (#6379732)

Why is Slashdot promoting such vile acts of piracy ?
</software megacorp>

Mirror this site ! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6379762)

This site NEEDS to be mirrored: www.circlist.org

Unfortunatly, circumcision is becoming less and less regular in the United States to the dismay of health advocates and women everywhere. The aardvark dick is becoming more common everyday and it is sad that even luminaries like Linus Torvalds have escaped this wonderfull proceedure called circumcision.

Aardvark cock is GROSS, and FILTHY. I can't imagine that Linus' wife actually touches it. We need to start a Paypal account to help fund a circumcision for Linus Torvalds. If we have any cash left over we can circumcise Alan "unclean" Cox too. He is notoriously uncircumcised, and just thinking of his GROSS FILTHY foreskin makes me PUKE.

Women, we must PASS a law REQUIRING that ALL MALES in the United States be circumcised. Because in the future your daughters may have to encounter UGLY GROSS FILTHY aardvark uncirumcised penisis. This would be a shame for such a great country to fall into such GROSS dispear.

Thank you for listening,
Circumcise All Males in the USA committe
Banning GROSS UNHEALTHY DIRTY FORESKINS by congressional LAW is our GOAL.

science aside (0)

Anonymous Coward | more than 11 years ago | (#6379904)

I find a useful way to reverse engineer a particular piece of software, with or without source, is to deconstruct the application using a deconstructionist approach (note, not deconstructionism as originally defined by Derrida, but literary deconstructionism). A lot of what I do is consulting; therefore often I have to fix existing code. Even with the source code it's not easy to figure out a program entirely.

Trying to get into the programmer's mindset is useful for me because it helps me figure out the pieces of the program faster than reading every single line of code several times. Take for example a novel. As you read each chapter, the intention of the author becomes more apparent. Often times with bad writers, the reader can tell what's going to happen. With great writers, it's not totally obvious until the last page. In this way, deconstructing a piece of software helps me see where the programmer was going. That often is more useful than reading every line.
