Message-ID: <7B01ACCEDD4FFE48B12A55E2DB16A9301D7FED@dccheltenham.local.irmplc.com>
Date: Mon, 1 Oct 2007 17:58:50 +0100
From: "Andy Davis" <andy.davis@...plc.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: High-Level Reverse Engineering whitepaper

This paper aims to present a methodical framework for high-level reverse
engineering. The methodology is a culmination of existing tools and
techniques within the IT security research community, which presents
ways to identify process operation at a higher level of abstraction than
traditional binary reversing. Here, we focus our attention on
application DLLs and the functions that they implement and export, which
includes process interactions with other applications and various
operating system function calls. We use existing tools and techniques to
derive ways of quickly identifying how applications are constructed, the
functions that they use and how they use them. Following this high-level
reverse engineering, the researcher is then free to take further steps
at reversing specific functions with the more traditional lower-level
binary analysis.

The key tools required and used throughout the methodology are the
Universal Hooker (uhooker) by Core Security Technologies [1], the
Interactive Disassembler (IDA) [2] and the OllyDbg debugger [3]. It is
assumed that the reader is already familiar with these tools. Further
information on these tools and their operation can be found from the
references section at the end of this document.

The full paper can be downloaded here:

http://www.irmplc.com/index.php/69-Whitepapers


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/