reverse eng

This commit is contained in:
Mari Wahl 2014-11-20 20:45:07 -05:00
parent 70265a5a44
commit e896d65b84
2 changed files with 266 additions and 37 deletions

@ -19,53 +19,68 @@ All in one big bag. For fun, profits, or CTFs.
---- ----
### Useful Command Line ### Useful Command Line
#### Searching #### Searching
``` ```
grep word f1 grep word f1
sort | uniq -c sort | uniq -c
diff f1 f2 diff f1 f2
find -size f1 find -size f1
``` ```
#### Compressed Files #### Compressed Files
``` ```
zcat f1 > f2 zcat f1 > f2
gzip -d file gzip -d file
bzip2 -d f1 bzip2 -d f1
tar -xvf file tar -xvf file
``` ```
#### Connecting to a Server/Port #### Connecting to a Server/Port
``` ```
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000 echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
openssl s_client -connect localhost:30001 -quiet openssl s_client -connect localhost:30001 -quiet
nmap -p 31000-32000 localhost nmap -p 31000-32000 localhost
telnet localhost 3000 telnet localhost 3000
``` ```
----
## References:
### Books
- The Tangled Web
- The Art of Exploitation
- The Art of Software Security Assessment:
- Practical Packet Analysis
### Websites
- https://ctf.isis.poly.edu
---- ----
### License ### License
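Review bot: the new `## References:` heading and the list entry `- The Art of Software Security Assessment:` both end in a stray colon that no other heading or entry in the file carries; drop both, and the `### Websites` list has a single bare URL that would read better as a titled link. In the unchanged context just above, `echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000` pipes what looks like a real credential into a cheat sheet that is now being published; a placeholder such as `echo <password> | nc localhost 30000` keeps the example without committing the secret. Also `find -size f1` is not a valid invocation: `-size` takes a size argument (for example `find . -size +1k`), so the line should either get one or become `find . -name f1`.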

@ -1,6 +1,219 @@
# Reverse Engineering # Reverse Engineering
* Objective: turn a x86 binary executable back into C source code.
* Understand how the compiler turns C into assembly code.
* Low-level OS structures and executable file format.
---
##Assembly 101
### Arithmetic Instructions
```
mov eax,2 ; eax = 2
mov ebx,3 ; ebx = 3
add eax,ebx ; eax = eax + ebx
sub ebx, 2 ; ebx = ebx - 2
```
### Accessing Memory
```
mox eax, [1234] ; eax = *(int*)1234
mov ebx, 1234 ; ebx = 1234
mov eax, [ebx] ; eax = *ebx
mov [ebx], eax ; *ebx = eax
```
### Conditional Branches
```
cmp eax, 2 ; compare eax with 2
je label1 ; if(eax==2) goto label1
ja label2 ; if(eax>2) goto label2
jb label3 ; if(eax<2) goto label3
jbe label4 ; if(eax<=2) goto label4
jne label5 ; if(eax!=2) goto label5
jmp label6 ; unconditional goto label6
```
### Function calls
First calling a function:
```
call func ; store return address on the stack and jump to func
```
The first operations is to save the return pointer:
```
pop esi ; save esi
```
Right before leaving the function:
```
pop esi ; restore esi
ret ; read return address from the stack and jump to it
```
---
## Modern Compiler Architecture
**C code** --> Parsing --> **Intermediate representation** --> optimization --> **Low-level intermediate representation** --> register allocation --> **x86 assembly**
### High-level Optimizations
#### Inlining
For example, the function c:
```
int foo(int a, int b){
return a+b
}
c = foo(a, b+1)
```
translates to c = a+b+1
#### Loop unrolling
The loop:
```
for(i=0; i<2; i++){
a[i]=0;
}
```
becomes
```
a[0]=0;
a[1]=0;
```
#### Loop-invariant code motion
The loop:
```
for (i = 0; i < 2; i++) {
a[i] = p + q;
}
```
becomes:
```
temp = p + q;
for (i = 0; i < 2; i++) {
a[i] = temp;
}
```
#### Common subexpression elimination
The variable attributions:
```
a = b + (z + 1)
p = q + (z + 1)
```
becomes
````
temp = z + 1
a = b + z
p = q + z
```
#### Constant folding and propagation
The assignments:
```
a = 3 + 5
b = a + 1
func(b)
```
Becomes:
```
func(9)
```
#### Dead code elimination
Delete unnecessary code:
```
a = 1
if (a < 0) {
printf(“ERROR!”)
}
```
to
```
a = 1
```
### Low-Level Optimizations
#### Strength reduction
Codes such as:
```
y = x * 2
y = x * 15
```
Becomes:
```
y = x + x
y = (x << 4) - x
```
#### Code block reordering
Codes such as :
```
if (a < 10) goto l1
printf(“ERROR”)
goto label2
l1:
printf(“OK”)
l2:
return;
```
Becomes:
```
if (a > 10) goto l1
printf(“OK”)
l2:
return
l1:
printf(“ERROR”)
goto l2
```
#### Register allocation
* Memory access is slower than registers.
* Try to fit as many as local variables as possible in registers.
* The mapping of local variables to stack location and registers is not constant.
#### Instruction scheduling
Assembly code like:
```
mov eax, [esi]
add eax, 1
mov ebx, [edi]
add ebx, 1
```
Becomes:
```
mov eax, [esi]
mov ebx, [edi]
add eax, 1
add ebx, 1
```
---
## Tools Folder ## Tools Folder
- X86 Win32 Cheat sheet - X86 Win32 Cheat sheet
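Review bot: several of the added snippets would mislead a reader who types them in. In Accessing Memory, `mox eax, [1234]` is a typo for `mov`. In Function calls, `pop esi ; save esi` should be `push esi`: the prologue pushes the callee-saved register and the epilogue pops it, and the lead-in sentence "save the return pointer" describes saving `esi`, not the return address (which `call` already pushed). In Conditional Branches, `ja`, `jb` and `jbe` are unsigned comparisons; the `>`/`<` comments hide that, so either say so or show the signed forms `jg`/`jl`/`jle` as well, since picking the wrong family is a classic source of bounds-check bugs. In Common subexpression elimination the result should use the temporary (`a = b + temp` and `p = q + temp`, not `b + z`), and the block opens with four backticks against a three-backtick close, which breaks rendering of everything after it. In Code block reordering the inverted test must be the negation of `a < 10`, i.e. `if (a >= 10) goto l1`, and the first listing jumps to `label2` but defines `l2:`. Smaller points: `##Assembly 101` needs a space after `##` to render as a heading, `return a+b` in the inlining example lacks its semicolon, and the dead-code example uses curly quotes around `ERROR!`.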
@ -9,7 +222,7 @@
- Command line tricks - Command line tricks
----
## Other Tools ## Other Tools
- gdb - gdb
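Review bot: the only change in this hunk is a horizontal rule, and after the commit the file mixes `----` here with the `---` used throughout the new Reverse Engineering section and in the hunks below; both render as a rule, but pick one form so later diffs stay readable.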
@ -27,18 +240,18 @@
- uncompyle2 (Python) - uncompyle2 (Python)
- unpackers, hex editors, compilers - unpackers, hex editors, compilers
---
## Encondings/ Binaries ## Encondings/ Binaries
``` ```
file f1 file f1
ltrace bin ltrace bin
strings f1 strings f1
base64 -d base64 -d
xxd -r xxd -r
nm nm
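Review bot: `## Encondings/ Binaries` in the context line should read `## Encodings / Binaries`; since this hunk already touches the section's separator, fixing the heading here is cheap.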
@ -47,17 +260,17 @@ objcopy
binutils binutils
``` ```
---
## Online References ## Online References
[Reverse Engineering, the Book]: http://beginners.re/ [Reverse Engineering, the Book]: http://beginners.re/
---
## IDA ## IDA
- Cheat sheet - Cheat sheet
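Review bot: `[Reverse Engineering, the Book]: http://beginners.re/` is a Markdown reference-style link definition, not a link, so the Online References section will render empty unless the label is used somewhere; write it inline as `[Reverse Engineering, the Book](http://beginners.re/)`.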
@ -65,7 +278,7 @@ binutils
---
## gdb ## gdb
- Commands and cheat sheet - Commands and cheat sheet
@ -88,8 +301,8 @@ set disassembly-flavor intel
disas main disas main
``` ```
---
## objdump ## objdump
Display information from object files: Where object file can be an intermediate file Display information from object files: Where object file can be an intermediate file
created during compilation but before linking, or a fully linked executable created during compilation but before linking, or a fully linked executable
@ -98,14 +311,15 @@ created during compilation but before linking, or a fully linked executable
$ objdump -d <bin> $ objdump -d <bin>
``` ```
----
## hexdump & xxd ## hexdump & xxd
For canonical hex & ASCII view: For canonical hex & ASCII view:
``` ```
$hexdump -C $hexdump -C
``` ```
----
## xxd ## xxd
Make a hexdump or do the reverse: Make a hexdump or do the reverse:
``` ```
xxd hello > hello.dump xxd hello > hello.dump
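Review bot: in the `## hexdump & xxd` context block, `$hexdump -C` is missing the space after the prompt and a file argument (`$ hexdump -C <file>`), and the section is immediately followed by a separate `## xxd` section, so the heading should be just `## hexdump` to avoid covering xxd twice.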