Getting Started with Reverse Engineering
Dr. Josh Stroschein
MALWARE ANALYST AND SECURITY RESEARCHER
@jstrosch 0xevilc0de.com
Course Overview
- Introduction to the course
- Assembly basics
- Working with native code
- Using debuggers
- Practical assembly
- Reverse engineering
- Conclusion
Why Learn to Reverse Engineer?
It’s Not All 1s and 0s
- Career opportunities
- Necessary for some careers
- Deeper understanding into how things work
- Technically challenging
- Defend your assets
- Adversarial thinking
Career Paths
- Incident Responder
- Malware Analyst
- Penetration Tester
- Vulnerability Research
- Software Developer
Module Introduction
Overview
- Introduction
- The reverse engineering process
  - Tools and Concepts
  - Instruction set architectures
  - Static versus dynamic analysis
  - Workflow
  - Native code obfuscation
- Conclusion
The Reverse Engineering Process
This Course Will Focus On…
- native code and not interpreted languages
- a Windows environment
- essential tools for becoming an effective reverse engineer
Tools and Concepts
- Assembly language: the core of reversing native code
- CPU architecture: registers, virtual memory and more
- Static analysis: IDA Pro, hex editors & binary parsing tools
- Dynamic analysis: WinDbg and tracing programs
- Methodology: how to apply these tools to find answers
Instruction Set Architectures (ISA)
- Abstract model of a computer – defines what is needed to program it
- Examples include Intel x86 and x86-64, ARM and AMD
- This course will focus on Intel x86 & x86-64
- Concepts will overlap with other architectures
Static vs. Dynamic analysis
Static analysis
- Involves analyzing a program and its code without execution
- Activities go from looking at strings to digging in with a disassembler
Dynamic analysis
- Involves analyzing the program during execution
- Process monitors, debuggers, network captures
A combination approach can be very effective
A Reversing Workflow
Unknown binary file → Basic analysis → Advanced analysis → Reporting and documentation → Look for next sample
Native Code Obfuscation
Authors will attempt to make their code difficult to analyze – whether for malicious or non-malicious purposes.
Anti-analysis techniques can also be employed to slow down your ability to reverse engineer software.
Native code obfuscation can be difficult to detect, but given enough time and effort it’s not impossible.
Examples of Code Obfuscation
[Figure: side-by-side examples of obfuscated interpreted code (JavaScript) and obfuscated native code]
Conclusion
Summary
- Introduction
- The reverse engineering process
  - Tools and Concepts
  - Instruction set architectures
  - Static versus dynamic analysis
  - Workflow
  - Native code obfuscation
- Conclusion