Reversing : The Hacker's Guide to Reverse Engineering

systems, and low-level programming languages such as assembly language. It
is the layer that isolates software developers and application programs from
the physical hardware. The development tools isolate software developers
from processor architectures and assembly languages, while operating systems
isolate software developers from specific hardware devices and simplify the
interaction with the end user by managing the display, the mouse, the keyboard,
and so on.
Years ago, programmers always had to work at this low level because it was
the only possible way to write software—the low-level infrastructure just
didn’t exist. Nowadays, modern operating systems and development tools
aim at isolating us from the details of the low-level world. This greatly simplifies
the process of software development, but comes at the cost of reduced
power and control over the system.
In order to become an accomplished reverse engineer, you must develop a
solid understanding of low-level software and low-level programming. That’s
because the low-level aspects of a program are often the only thing you have to
work with as a reverser—high-level details are almost always eliminated before
a software program is shipped to customers. Mastering low-level software and
the various software-engineering concepts is just as important as mastering the
actual reversing techniques if one is to become an accomplished reverser.
A key concept about reversing that will become painfully clear later in this
book is that reversing tools such as disassemblers or decompilers never actually
provide the answers—they merely present the information. Eventually, it
is always up to the reverser to extract anything meaningful from that information.
In order to successfully extract information during a reversing session,
reversers must understand the various aspects of low-level software.
So, what exactly is low-level software? Computers and software are built
layers upon layers. At the bottom layer, there are millions of microscopic transistors
pulsating at incomprehensible speeds. At the top layer, there are some
elegant-looking graphics, a keyboard, and a mouse—the user experience. Most
software developers use high-level languages that take easily understandable
commands and execute them. For instance, commands that create a window,
load a Web page, or display a picture are incredibly high-level, meaning that
they translate to thousands or even millions of commands in the lower layers.
Reversing requires a solid understanding of these lower layers. Reversers
must literally be aware of anything that comes between the program source
code and the CPU. The following sections introduce those aspects of low-level
software that are mandatory for successful reversing.

Assembly Language


Assembly language is the lowest level in the software chain, which makes it
incredibly suitable for reversing—nothing moves without it. If software performs
an operation, it must be visible in the assembly language code. Assembly
