Reversing : The Hacker's Guide to Reverse Engineering


Miscellaneous Reversing Tools


The following are miscellaneous tools that don’t fall under any of the previous
categories.


Executable-Dumping Tools


Executable dumping is an important step in reversing: the headers, section list,
and import and export tables of an executable tell you what the program is made
of, which other modules it depends on, and which of its own functions it exposes,
before you have read a single instruction. There are numerous executable-dumping
tools available, and to make sense of their output you will need to be
comfortable with the PE header structure, which is discussed in detail in
Chapter 3. The following sections discuss the ones that I personally consider to
be highly recommended.


DUMPBIN

DUMPBIN is Microsoft’s console-mode tool (it ships with Visual Studio) for dumping
a variety of aspects of Portable Executable files. Besides showing the main
headers and the section list, DUMPBIN can dump a module’s import and export
directories, relocation tables, symbol information, and a lot more. Listing 4.1
shows typical DUMPBIN output for USER32.DLL with the /HEADERS option.


Microsoft (R) COFF/PE Dumper Version 7.10.3077
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file user32.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               4 number of sections
        411096B8 time date stamp Wed Aug 04 10:56:40 2004

Listing 4.1 A typical DUMPBIN output for USER32.DLL launched with the /HEADERS
option (continued).
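The FILE HEADER VALUES in Listing 4.1 come straight out of the IMAGE_FILE_HEADER that follows the PE signature, and sooner or later you will want those fields without DUMPBIN, for example when triaging a batch of samples from a script or working on a non-Windows machine. The Python script below is an added example, not code from this book or from Microsoft's tool: it applies the PE header knowledge the section above asks for by parsing the MZ stub, following e_lfanew to the PE signature, decoding the file header and the section table with bounds checks on every offset taken from the file, and printing the result in a DUMPBIN-like layout. By default it dumps a constructed PE image that carries the values from Listing 4.1 (machine 14C, four sections, time stamp 411096B8); it is not the real USER32.DLL, and its section names, optional header contents and characteristics flags are assumptions made up for the demonstration.

```python
"""Minimal PE header dumper: reproduces the FILE HEADER VALUES and the section
list that DUMPBIN /HEADERS prints, using only the Python standard library."""
import struct
import datetime

IMAGE_DOS_SIGNATURE = 0x5A4D          # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550       # "PE\0\0"
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SIZEOF_FILE_HEADER = 20
IMAGE_SIZEOF_SECTION_HEADER = 40
MACHINE_NAMES = {0x14C: "x86", 0x1C0: "ARM", 0x8664: "x64", 0xAA64: "ARM64"}


def parse_pe_headers(data):
    """Return the COFF file header fields plus the section table as a dict.

    Every offset read from the file is checked against the buffer length before
    it is used, so a truncated or hostile file raises ValueError instead of
    indexing past the end of the data.
    """
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]     # offset of "PE\0\0"
    if e_lfanew + 4 + IMAGE_SIZEOF_FILE_HEADER > len(data):
        raise ValueError("e_lfanew points past end of file")
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    # The section table starts right after the optional header.
    sect_off = e_lfanew + 4 + IMAGE_SIZEOF_FILE_HEADER + opt_size
    if sect_off + nsections * IMAGE_SIZEOF_SECTION_HEADER > len(data):
        raise ValueError("section table truncated")
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data,
                                     sect_off + i * IMAGE_SIZEOF_SECTION_HEADER)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_offset": rawptr,
                         "characteristics": flags})
    # TimeDateStamp is seconds since the Unix epoch; DUMPBIN renders it in the
    # local time zone, this script renders it in UTC so output is reproducible.
    utc = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, "unknown"),
        "number_of_sections": nsections,
        "time_date_stamp": timestamp,
        "time_date_stamp_utc": utc.strftime("%a %b %d %H:%M:%S %Y"),
        "file_type": "DLL" if chars & IMAGE_FILE_DLL else "EXECUTABLE IMAGE",
        "characteristics": chars,
        "sections": sections,
    }


def build_sample_pe():
    """Constructed test input (not a real user32.dll): an MZ stub, the PE
    signature, a file header carrying the values from Listing 4.1, a zeroed
    0xE0-byte optional header and four section headers with assumed names."""
    dos = bytearray(0x80)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x80)                # e_lfanew
    opt_size = 0xE0                                        # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 4, 0x411096B8, 0, 0, opt_size,
                           IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL)
    sections = b""
    for idx, name in enumerate([b".text", b".data", b".rsrc", b".reloc"]):
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000,
                                0x1000 * (idx + 1), 0x1000, 0x400 * (idx + 1),
                                0, 0, 0, 0, 0x60000020)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt_size) + sections


def dump(data):
    """Print the parsed header in a DUMPBIN-like layout."""
    h = parse_pe_headers(data)
    print("File Type:", h["file_type"])
    print("FILE HEADER VALUES")
    print("%16X machine (%s)" % (h["machine"], h["machine_name"]))
    print("%16X number of sections" % h["number_of_sections"])
    print("%16X time date stamp %s UTC" % (h["time_date_stamp"], h["time_date_stamp_utc"]))
    for s in h["sections"]:
        print("  %-8s VA %08X  raw %08X at file offset %08X"
              % (s["name"], s["virtual_address"], s["raw_size"], s["raw_offset"]))


if __name__ == "__main__":
    import sys
    # Pass a real PE file on the command line, or dump the constructed sample.
    dump(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe())
```

Run it with the path of any PE file to compare its output against DUMPBIN /HEADERS. One detail worth noticing: the stamp 411096B8 decodes to 07:56:40 UTC on Wed Aug 04 2004, while Listing 4.1 shows 10:56:40, because DUMPBIN formats the stamp in the local time zone of the machine it runs on (UTC+3 in this case); when correlating build times across samples, convert to UTC first.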


Reversing Tools 133