Reversing : The Hacker's Guide to Reverse Engineering
Figure 4.11 A screenshot of Process Explorer from SysInternals. Patching Tools Patching is not strictly a reversing-related acti ...
in different formats and for modifying it as you please. Unfortunately, Hex Workshop doesn’t support disassembly or assembly of ...
Miscellaneous Reversing Tools The following are miscellaneous tools that don’t fall under any of the previous categories. Execut ...
0 file pointer to symbol table 0 number of symbols E0 size of optional header 210E characteristics Executable Line numbers strip ...
0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory 0 [ 0] RVA [size] of Thread Storage Di ...
C0000040 flags Initialized Data Read Write SECTION HEADER #3 .rsrc name 2A098 virtual size 62000 virtual address (77DA2000 to 77 ...
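The dump above shows the raw COFF file header and section header fields that tools such as DUMPBIN, PEView and PEBrowse decode. The following is an added example, not code from the book or from any of those tools: a small PE/COFF header parser that decodes the same fields (symbol table pointer and count, optional header size, file characteristics, and each section's name, virtual size, RVA and flags) and resolves an RVA to its section, which is what the "RVA [size] of ... Directory" lines in the dump rely on. The image it parses is constructed inline so it runs offline; its values mirror the dump (optional header 0xE0 bytes, characteristics 0x210E, a .rsrc section at RVA 0x62000 with flags 0xC0000040), and the raw-data size and machine type are assumed.

```python
"""Minimal PE/COFF header parser (added example, not the book's or any
tool's own code). Decodes the fields the DUMPBIN-style dump above shows."""
import struct

# COFF file characteristics bits from the PE/COFF spec. 0x210E in the dump
# is the sum of exactly these five bits.
FILE_CHARACTERISTICS = {
    0x0002: "Executable",
    0x0004: "Line numbers stripped",
    0x0008: "Symbols stripped",
    0x0100: "32 bit word machine",
    0x2000: "DLL",
}

# Section characteristics bits. 0xC0000040 in the dump decodes to
# Initialized Data + Read + Write.
SECTION_CHARACTERISTICS = {
    0x00000020: "Code",
    0x00000040: "Initialized Data",
    0x00000080: "Uninitialized Data",
    0x20000000: "Execute",
    0x40000000: "Read",
    0x80000000: "Write",
}


def decode_flags(value, table):
    """Return the names of every bit in `table` that is set in `value`."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the DOS stub pointer, PE signature, COFF header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)       # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    (machine, nsections, _timestamp, symtab_ptr, nsymbols,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff_off)
    # Section headers (40 bytes each) follow the optional header, whose
    # length is given by SizeOfOptionalHeader rather than being fixed.
    sections_off = coff_off + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sections_off + 40 * i
        (name, vsize, vaddr, rawsize, _rawptr, _relocptr, _lineptr,
         _nreloc, _nline, flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rawsize,
            "flags": flags,
            "flag_names": decode_flags(flags, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "symbol_table_ptr": symtab_ptr,
        "number_of_symbols": nsymbols,
        "optional_header_size": opt_size,
        "characteristics": characteristics,
        "characteristic_names": decode_flags(characteristics, FILE_CHARACTERISTICS),
        "sections": sections,
    }


def section_for_rva(info, rva):
    """Name of the section whose virtual range contains `rva`, or None."""
    for s in info["sections"]:
        if s["virtual_address"] <= rva < s["virtual_address"] + s["virtual_size"]:
            return s["name"]
    return None


def build_sample_image():
    """Constructed sample image (not a real file): header values mirror the
    dump above; machine type 0x14C (i386) and raw size 0x2A200 are assumed.
    The optional header body is left as zeros since it is skipped by size."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x210E)
    opt = bytes(opt_size)
    sec = struct.pack("<8sIIIIIIHHI", b".rsrc", 0x2A098, 0x62000, 0x2A200,
                      0x200, 0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + coff + opt + sec


if __name__ == "__main__":
    info = parse_pe(build_sample_image())
    print("characteristics %X: %s" % (info["characteristics"],
                                      ", ".join(info["characteristic_names"])))
    for s in info["sections"]:
        print("%-8s vsize %X vaddr %X flags %X: %s" % (
            s["name"], s["virtual_size"], s["virtual_address"],
            s["flags"], ", ".join(s["flag_names"])))
```

The one trap worth noting is the section-table offset: it is `SizeOfOptionalHeader` past the COFF header, not a fixed distance, so a parser that hard-codes 0xE0 breaks on PE32+ images (0xF0) and on the deliberately malformed headers packers produce.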
PEView PEView is a powerful freeware GUI executable-dumping tool. It allows for a good GUI visualization of all important PE dat ...
Figure 4.14 Screenshot of PEBrowse Professional dumping an executable and disassembling some code within it. Conclusion In thi ...
Part II Applied Reversing
Twenty years ago, programs could almost exist in isolation, barely having to interface with anything other than the underlyi ...
Reversing and Interoperability For a software engineer, interoperability can be a nightmare. From the individual engineer’s pe ...
this book are focused exclusively on offline code analysis, not on live analysis. This means that you’ll primarily just read ass ...
What Are We Looking For? Typically, the search for undocumented code starts with a requirement. What functionality is missing? W ...
Case Study: The Generic Table API in NTDLL.DLL Let’s dive headfirst into our very first hands-on reverse-engineering session. In ...
From their names alone, you can make some educated guesses about these APIs. It’s obvious that this is a group of APIs that mana ...
7C921A39 MOV EDI,EDI 7C921A3B PUSH EBP 7C921A3C MOV EBP,ESP 7C921A3E MOV EAX,DWORD PTR SS:[EBP+8] 7C921A41 XOR EDX,EDX 7C921A43 ...
Let’s continue this process of elimination in order to determine the function’s calling convention and observe that the functi ...
7C921A3E MOV EAX,DWORD PTR SS:[EBP+8] 7C921A41 XOR EDX,EDX 7C921A43 LEA ECX,DWORD PTR DS:[EAX+4] The first line loads [ebp+8] into ...
One interesting thing about the data structure is the way it is accessed— using two different registers. Essentially, the functi ...
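The reasoning above, reading `[ebp+8]` as the first caller-pushed parameter because `[ebp]` holds the saved EBP and `[ebp+4]` the return address, is mechanical enough to script. The following is an added example, not code from the book: a small static pass over an Intel-syntax listing in the format quoted above. It recognises the `PUSH EBP` / `MOV EBP,ESP` frame setup and classifies every EBP-relative memory reference as a parameter index or a local offset. The listing it runs on is the prologue quoted above, embedded as constructed sample input; the second listing in the test is likewise constructed. The 4-byte parameter stride assumes a 32-bit stack-based convention (cdecl or stdcall), which is what the text is trying to establish here.

```python
"""Added example (not the book's code): classify EBP-relative stack
references in an OllyDbg-style listing into parameters and locals."""
import re

# Constructed sample input: the prologue quoted above, copied verbatim.
LISTING = """\
7C921A39 MOV EDI,EDI
7C921A3B PUSH EBP
7C921A3C MOV EBP,ESP
7C921A3E MOV EAX,DWORD PTR SS:[EBP+8]
7C921A41 XOR EDX,EDX
7C921A43 LEA ECX,DWORD PTR DS:[EAX+4]
"""

LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(\w+)(?:\s+(.*))?$")
# OllyDbg prints displacements in hex without a suffix; accept an 'h' too.
EBP_REF_RE = re.compile(r"\[EBP([+-])([0-9A-Fa-f]+)h?\]", re.IGNORECASE)


def parse_listing(text):
    """Return (address, MNEMONIC, operand string) for each listing line."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, mnem, ops = m.groups()
        insns.append((int(addr, 16), mnem.upper(), (ops or "").strip()))
    return insns


def has_ebp_frame(insns):
    """True if the listing contains the standard PUSH EBP / MOV EBP,ESP setup.
    A leading MOV EDI,EDI is a two-byte no-op (hot-patch padding) and is
    ignored; it tells us nothing about the frame."""
    ops = [(m, re.sub(r"\s", "", o).upper()) for _, m, o in insns]
    for i in range(len(ops) - 1):
        if ops[i] == ("PUSH", "EBP") and ops[i + 1] == ("MOV", "EBP,ESP"):
            return True
    return False


def frame_references(insns):
    """Map EBP-relative accesses to parameter indices and local offsets.
    With the frame set up, [ebp] is the saved EBP and [ebp+4] the return
    address, so parameter 0 is at [ebp+8] and each further one 4 bytes up
    (32-bit stack-based convention assumed). Negative displacements are locals."""
    params, locals_ = set(), set()
    for _addr, _mnem, ops in insns:
        for sign, disp in EBP_REF_RE.findall(ops):
            d = int(disp, 16)
            if sign == "+" and d >= 8:
                params.add((d - 8) // 4)
            elif sign == "-":
                locals_.add(d)
    return {"params": sorted(params), "locals": sorted(locals_)}


if __name__ == "__main__":
    insns = parse_listing(LISTING)
    print("EBP frame:", has_ebp_frame(insns))
    print("frame references:", frame_references(insns))
```

On the six instructions shown this reports an EBP frame and a single parameter (index 0), which is exactly the conclusion the text draws; it says nothing about `[EAX+4]`, because that is a field of the structure the parameter points to, not a stack slot. Running the same pass over the whole function body would show how many parameters are actually touched, which is the next step in pinning down the calling convention.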