Learning Reverse Engineering 211
TheBoostedBrain writes "Mike Perry and Nasko Oskov have written a very complete article about reverse engineering. It provides an introduction to reverse engineering software under both Linux and Windows."
Mirror (Score:2, Informative)
whatabout truss/strace/ktrace? (Score:5, Informative)
truss under Solaris is even more useful than strace under Linux or ktrace under the BSDs; you can also trace function entry points into user-level ELF solibs.
Re:whatabout truss/strace/ktrace? (Score:3, Informative)
http://www.acm.uiuc.edu/sigmil/RevEng/x288.htm#
Re:Mirror (Score:2, Informative)
DMCA i.r.t. Reverse Engineering (Score:5, Informative)
`(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
`(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
`(4) For purposes of this subsection, the term `interoperability' means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.
DMCA [eff.org]
README: From the Authors (Score:5, Informative)
In fact, the book looks more complete than it actually is. Most of the chapters are basically just an outline that we've been filling in as we go along.
Keep checking the book periodically for more updates, as again, this is a work in progress. If you notice any omissions, or have any contributions, we would be glad to take them.
Thanks,
Nasko Oskov & Mike Perry
This book falls short (Score:4, Informative)
Re:whatabout truss/strace/ktrace? (Score:5, Informative)
Ollydbg (Score:5, Informative)
Here are a couple of beginner-level articles I've written on reverse-engineering malicious code:
Reverse Engineering Hostile Code [lurhq.com]
Alien Autopsy: Reverse Engineering Win32 Trojans on Linux [lurhq.com]
Code Reading - The Open Source Perspective (Score:5, Informative)
Re:Play "Black Box" for a while. (Score:4, Informative)
can't have a book on reversing without (Score:2, Informative)
Re:README: From the Authors (Score:2, Informative)
Zip works fine, but if you're aiming for 100% cross-platform, tarballs are king.
Info-ZIP UnZip [info-zip.org] is claimed to be the third most portable C program.
Tarballs are used on every Unix and Unix clone OS in existence, not just Linux.
Microsoft Windows ME and Microsoft Windows XP operating systems ship with Microsoft Compressed Folders, a feature that can read and write .zip files in a manner similar to that of WinZip and WinRAR but cannot make head nor tail of .tar.gz files.
A note from the sysadmin of www.acm.uiuc.edu (Score:3, Informative)
Thanks, but no need - we've got boatloads of bandwidth at uiuc, and the web server is hardly noticing:
[staffin@winston staffin]$ uptime
21:20:19 up 79 days, 18:17, 3 users, load average: 0.24, 0.27, 0.32
Not bad. It's an ultra5/360 running Debian with 256mb of ram, btw. I think this pretty much demonstrates that the slashdot effect is all about bandwidth, not the speed of the server.
"Official" PDF version here (Score:4, Informative)
Re:really dumb question... (Score:3, Informative)
RE/Cracking tutorials and games (Score:5, Informative)
There's a few games/challenges out there about reverse engineering, cracking, logic and programming. Give them a try if you wish (Arcanum is really nice):
AngularVision [virtualave.net], Apotheosis [hypermart.net], Arcanum [arcanum.co.nz], Aspect [l8nite.net], Aspect2 [aspectgames.net], C&CDisIncorporated [virtualave.net], CyberArmy [cyberarmy.com], Disavowed [disavowed.net], Electrica [caesum.com], Escape [angelfire.com], HackME [members.home.nl], HackersGames [hackergames.net], HackersLab [hackerslab.org], HackQuest [hackquest.com], Hybrid [lameindustries.org], ICEFortress [icefortress.com], Lamebulun [lamebulun.net], Mod-X [mod-x.co.uk], NetSplit [nsplit.com], NGSEC'sSecurityGame [ngsec.biz], ProblemSetArchive [acm.uva.es], ReverserCourse [reverser-course.de], SlyFX [slyfx.com], TheGame [prohosting.com], and Try2hack [try2hack.nl].
have fun
Re:whatabout truss/strace/ktrace? (Score:3, Informative)
Unfortunately, not under 2.6. It does work on 2.8+ and can occasionally be a lifesaver. 'ltrace' under Linux does pretty much the same thing.
Re:Mirror (Score:3, Informative)
complete? (Score:2, Informative)
area is reverse engineering. The book only
talks about low level reverse engineering
(i.e. executable code). Most of the research
in the area is at the source level.
This is not a criticism targeted at the authors,
but at the submitter.
More Reverse Engineering (Score:1, Informative)