ACS Infosystems
27/02/2012
Secrets of Reverse Engineering. This book was written
after years of working on software development projects that repeatedly
required reverse engineering of third party code, for a variety of reasons. At
first this was a fairly tedious process that was only performed when there was
simply no alternative means of getting information. Then all of a sudden, a
certain mental barrier was broken and I found myself rapidly sifting through
undocumented machine code, quickly deciphering its meaning and getting
the answers I wanted regarding the code’s function and purpose. At that point
it dawned on me that this was a remarkably powerful skill, because it meant
that I could fairly easily get answers to any questions I had regarding software
I was working with, even when I had no access to the relevant documentation
or to the source code of the program in question. This book is about providing
knowledge and techniques to allow anyone with a decent understanding of
software to do just that.
The idea is simple: we should develop a solid understanding of low-level
software, and learn techniques that will allow us to easily dig into any program’s
binaries and retrieve information. Not sure why a system behaves the
way it does and no one else has the answers? No problem—dig into it on your
own and find out. Sounds scary and unrealistic? It’s not, and this is the very
purpose of this book, to teach and demonstrate reverse engineering techniques
that can be applied daily, for solving a wide variety of problems.
But I’m getting ahead of myself. For those of you that haven’t been exposed
to the concept of software reverse engineering, a little introduction is in order.
Introduction
Reverse Engineering and Low-Level Software
Before we get into the various topics discussed throughout this book, we
should formally introduce its primary subject: reverse engineering. Reverse
engineering is a process where an engineered artifact (such as a car, a jet
engine, or a software program) is deconstructed in a way that reveals its innermost
details, such as its design and architecture. This is similar to scientific
research that studies natural phenomena, with the difference that no one commonly
refers to scientific research as reverse engineering, simply because no
one knows for sure whether or not nature was ever engineered.
In the software world reverse engineering boils down to taking an existing
program for which source-code or proper documentation is not available and
attempting to recover details regarding its design and implementation. In
some cases source code is available but the original developers who created it
are unavailable. This book deals specifically with what is commonly referred
to as binary reverse engineering. Binary reverse engineering techniques aim at
extracting valuable information from programs for which source code is
unavailable. In some cases it is possible to recover the actual source-code (or a
similar high-level representation) from the program binaries, which greatly
simplifies the task because reading code presented in a high-level language is
far easier than reading low-level assembly language code. In other cases we
end up with a fairly cryptic assembly language listing that describes the program.
This book explains this process and why things work this way, while
describing in detail how to decipher the program’s code in a variety of different
environments.
I’ve decided to name this book “Reversing”, which is the term used by many
online communities to describe reverse engineering. Because the term
reversing can be seen as a nickname for reverse engineering I will be using the
two terms interchangeably throughout this book.
Most people get a bit anxious when they try to imagine trying to extract
meaningful information from an executable binary, and I’ve made it the primary
goal of this book to prove that this fear is not justified. Binary reverse
engineering works, it can solve problems that are often incredibly difficult to
solve in any other way, and it is not as difficult as you might think once you
approach it in the right way.
This book focuses on reverse engineering, but it actually teaches a great deal
more than that. Reverse engineering is frequently used in a variety of environments
in the software industry, and one of the primary goals of this book is to
explore many of these fields while teaching reverse engineering.
Here is a brief listing of some of the topics discussed throughout this book:
■ Assembly language for IA-32 compatible processors and how to read
compiler-generated assembly language code.
■ Operating systems internals and how to reverse engineer an operating
system.
■ Reverse engineering on the .NET platform, including an introduction to
the .NET development platform and its assembly language: MSIL.
■ Data reverse engineering: how to decipher an undocumented file-format
or network protocol.
■ The legal aspects of reverse engineering: when is it legal and when is
it not?
■ Copy protection and digital rights management technologies.
■ How reverse engineering is applied by crackers to defeat copy protection
technologies.
■ Techniques for preventing people from reverse engineering code and a
sober attempt at evaluating their effectiveness.
■ The general principles behind modern-day malicious programs and
how reverse engineering is applied to study and neutralize such
programs.
■ A live session where a real-world malicious program is dissected and
revealed, also revealing how an attacker can communicate with the program
to gain control of infected systems.
■ The theory and principles behind decompilers, and their effectiveness
on the various low-level languages.
Address
Alley No/3 Mall Road
Shimla
171001