Full Disclosure mailing list archives
High-Level Reverse Engineering whitepaper
From: "Andy Davis" <andy.davis () irmplc com>
Date: Mon, 1 Oct 2007 17:58:50 +0100
This paper aims to present a methodical framework for high-level reverse engineering. The methodology is a culmination of existing tools and techniques within the IT security research community, which presents ways to identify process operation at a higher level of abstraction than traditional binary reversing. Here, we focus our attention on application DLLs and the functions that they implement and export, which includes process interactions with other applications and various operating system function calls. We use existing tools and techniques to derive ways of quickly identifying how applications are constructed, the functions that they use and how they use them. Following this high-level reverse engineering, the researcher is then free to take further steps at reversing specific functions with the more traditional lower-level binary analysis.

The key tools required and used throughout the methodology are the Universal Hooker (uhooker) by Core Security Technologies [1], the Interactive Disassembler (IDA) [2] and the OllyDbg debugger [3]. It is assumed that the reader is already familiar with these tools. Further information on these tools and their operation can be found in the references section at the end of this document.

The full paper can be downloaded here: http://www.irmplc.com/index.php/69-Whitepapers