537

It would be safe to say that any properly designed program is designed

around data. What kind of data must the program manage? What would be

the most accurate and efficient representation of that data within the program?

These are really the most basic questions that any skilled software designer or

developer must ask.

The same goes for reversing. To truly understand a program, reversers must

understand its data. Once the general layout and purpose of the program’s key

data structures are understood, specific code area of interest will be relatively

easy to decipher.

This appendix covers a variety of topics related to low-level data manage-

ment in a program. I start out by describing the stack and how it is used by

programs and proceed to a discussion of the most basic data constructs used in

programs, such as variables, and so on. The next section deals with how data

is laid out in memory and describes (from a low-level perspective) common

data constructs such as arrays and other types of lists. Finally, I demonstrate

how classes are implemented in low-level and how they can be identified

while reversing.

Deciphering Program Data

APPENDIX

C

23_574817 appc.qxd 3/16/05 8:45 PM Page 537