Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-28 03:26:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

reverse eng

Browse Source
This commit is contained in:
Mari Wahl 2014-11-20 20:45:07 -05:00
parent 70265a5a44
commit e896d65b84
2 changed files with 266 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -66,6 +66,21 @@ nmap -p 31000-32000 localhost
telnet localhost 3000 telnet localhost 3000
``` ```
----
## References:
### Books
- The Tangled Web
- The Art of Exploitation
- The Art of Software Security Assessment:
- Practical Packet Analysis
### Websites
- https://ctf.isis.poly.edu
---- ----
### License ### License

228
Reverse_Engineering/README.md
View File

@ -1,6 +1,219 @@
# Reverse Engineering # Reverse Engineering
* Objective: turn a x86 binary executable back into C source code.
* Understand how the compiler turns C into assembly code.
* Low-level OS structures and executable file format.
---
##Assembly 101
### Arithmetic Instructions
```
mov eax,2 ; eax = 2
mov ebx,3 ; ebx = 3
add eax,ebx ; eax = eax + ebx
sub ebx, 2 ; ebx = ebx - 2
```
### Accessing Memory
```
mox eax, [1234] ; eax = *(int*)1234
mov ebx, 1234 ; ebx = 1234
mov eax, [ebx] ; eax = *ebx
mov [ebx], eax ; *ebx = eax
```
### Conditional Branches
```
cmp eax, 2 ; compare eax with 2
je label1 ; if(eax==2) goto label1
ja label2 ; if(eax>2) goto label2
jb label3 ; if(eax<2) goto label3
jbe label4 ; if(eax<=2) goto label4
jne label5 ; if(eax!=2) goto label5
jmp label6 ; unconditional goto label6
```
### Function calls
First calling a function:
```
call func ; store return address on the stack and jump to func
```
The first operations is to save the return pointer:
```
pop esi ; save esi
```
Right before leaving the function:
```
pop esi ; restore esi
ret ; read return address from the stack and jump to it
```
---
## Modern Compiler Architecture
**C code** --> Parsing --> **Intermediate representation** --> optimization --> **Low-level intermediate representation** --> register allocation --> **x86 assembly**
### High-level Optimizations
#### Inlining
For example, the function c:
```
int foo(int a, int b){
return a+b
}
c = foo(a, b+1)
```
translates to c = a+b+1
#### Loop unrolling
The loop:
```
for(i=0; i<2; i++){
a[i]=0;
}
```
becomes
```
a[0]=0;
a[1]=0;
```
#### Loop-invariant code motion
The loop:
```
for (i = 0; i < 2; i++) {
a[i] = p + q;
}
```
becomes:
```
temp = p + q;
for (i = 0; i < 2; i++) {
a[i] = temp;
}
```
#### Common subexpression elimination
The variable attributions:
```
a = b + (z + 1)
p = q + (z + 1)
```
becomes
````
temp = z + 1
a = b + z
p = q + z
```
#### Constant folding and propagation
The assignments:
```
a = 3 + 5
b = a + 1
func(b)
```
Becomes:
```
func(9)
```
#### Dead code elimination
Delete unnecessary code:
```
a = 1
if (a < 0) {
printf(“ERROR!”)
}
```
to
```
a = 1
```
### Low-Level Optimizations
#### Strength reduction
Codes such as:
```
y = x * 2
y = x * 15
```
Becomes:
```
y = x + x
y = (x << 4) - x
```
#### Code block reordering
Codes such as :
```
if (a < 10) goto l1
printf(“ERROR”)
goto label2
l1:
printf(“OK”)
l2:
return;
```
Becomes:
```
if (a > 10) goto l1
printf(“OK”)
l2:
return
l1:
printf(“ERROR”)
goto l2
```
#### Register allocation
* Memory access is slower than registers.
* Try to fit as many as local variables as possible in registers.
* The mapping of local variables to stack location and registers is not constant.
#### Instruction scheduling
Assembly code like:
```
mov eax, [esi]
add eax, 1
mov ebx, [edi]
add ebx, 1
```
Becomes:
```
mov eax, [esi]
mov ebx, [edi]
add eax, 1
add ebx, 1
```
---
## Tools Folder ## Tools Folder
- X86 Win32 Cheat sheet - X86 Win32 Cheat sheet
@ -9,7 +222,7 @@
- Command line tricks - Command line tricks
----
## Other Tools ## Other Tools
- gdb - gdb
@ -27,7 +240,7 @@
- uncompyle2 (Python) - uncompyle2 (Python)
- unpackers, hex editors, compilers - unpackers, hex editors, compilers
---
## Encondings/ Binaries ## Encondings/ Binaries
``` ```
@ -51,13 +264,13 @@ binutils
---
## Online References ## Online References
[Reverse Engineering, the Book]: http://beginners.re/ [Reverse Engineering, the Book]: http://beginners.re/
---
## IDA ## IDA
- Cheat sheet - Cheat sheet
@ -65,7 +278,7 @@ binutils
---
## gdb ## gdb
- Commands and cheat sheet - Commands and cheat sheet
@ -88,7 +301,7 @@ set disassembly-flavor intel
disas main disas main
``` ```
---
## objdump ## objdump
Display information from object files: Where object file can be an intermediate file Display information from object files: Where object file can be an intermediate file
@ -98,13 +311,14 @@ created during compilation but before linking, or a fully linked executable
$ objdump -d <bin> $ objdump -d <bin>
``` ```
----
## hexdump & xxd ## hexdump & xxd
For canonical hex & ASCII view: For canonical hex & ASCII view:
``` ```
$hexdump -C $hexdump -C
``` ```
----
## xxd ## xxd
Make a hexdump or do the reverse: Make a hexdump or do the reverse:
``` ```