Reversing : The Hacker's Guide to Reverse Engineering


System-Level Reversing


System-level reversing involves running various tools on the program and
utilizing various operating system services to obtain information, inspect
program executables, track program input and output, and so forth. Most of this
information comes from the operating system, because by definition every
interaction that a program has with the outside world must go through the
operating system. This is the reason why reversers must understand operating
systems—they can be used during reversing sessions to obtain a wealth of
information about the target program being investigated. I will be discussing
operating system basics in Chapter 3 and proceed to introduce the various
tools commonly used for system-level reversing in Chapter 4.

Code-Level Reversing


Code-level reversing is really an art form. Extracting design concepts and
algorithms from a program binary is a complex process that requires a mastery
of reversing techniques along with a solid understanding of software
development, the CPU, and the operating system. Software can be highly complex,
and even those with access to a program’s well-written and properly-documented
source code are often amazed at how difficult it can be to comprehend.
Deciphering the sequences of low-level instructions that make up a program is
usually no mean feat. But fear not, the focus of this book is to provide you with
the knowledge, tools, and techniques needed to perform effective code-level
reversing.

Before covering any actual techniques, you must become familiar with some
software-engineering essentials. Code-level reversing observes the code from
a very low level, and we’ll be seeing every little detail of how the software
operates. Many of these details are generated automatically by the compiler
and not manually by the software developer, which sometimes makes it
difficult to understand how they relate to the program and to its functionality. That
is why reversing requires a solid understanding of the low-level aspects of
software, including the link between high-level and low-level programming
constructs, assembly language, and the inner workings of compilers. These
topics are discussed in Chapter 2.

The Tools


Reversing is all about the tools. The following sections describe the basic
categories of tools that are used in reverse engineering. Many of these tools were
not specifically created as reversing tools, but can be quite useful nonetheless.
Chapter 4 provides an in-depth discussion of the various types of tools and
