
Reverse Engineering Brief Tutorial

[C/C++] Reverse Engineering Tutorial for newbies

---------------------------------------------------------
---===> Reverse Engineering Tutorial <===---
--==> For Beginners <==-- on Windows
---------------------------------------------------------

-= SECTION 1 (Misc. information) =-
  I. WHAT THIS TUTORIAL WILL COVER
  II.
-= SECTION 2 (WPM hack) =-
  I.
-= SECTION 3 (DLL hack) =-
  I.
APPENDIXES:
  A.

Section 1

WHAT THIS TUTORIAL WILL COVER:
- General theory behind 'hacking' games
- Usage of the (C/C++) WriteProcessMemory function
- Injection of code (a patch jumping to a user-defined *.dll)

PREFACE (skip if you want):
This tutorial is aimed in a very general direction, towards helping people who have never really 'hacked' anything before, but want to try.

REQUIREMENTS:
- Knowledge of C or C++ (if you've only coded in C, know that "naked" is a C++ only keyword)
- A compiler that is capable of inline, Intel syntax Assembly (MSVC is, but is not share/freeware)

No, but really, it's the same logic!

WE HAVE THE ADDRESS, NOW WHAT?
The prototype for WriteProcessMemory is:

Where to start in Reverse Engineering? « malwarereversing

Well, given the recent take-down of reverse-engineering.net for unknown reasons, I’ve decided to mirror some content here. I’ve formatted out some of the bits like user post identities and cleaned up some formatting. Other than that I have NOT link-checked, so I’m not sure which are good/bad links here.

What do I learn first?

—>> path 1:
1) visit to view some reversing videos that train you in the RCE basics.
2) check to find some visual solutions submitted for crackmes.
3) Try to repeat the shown steps, and reproduce them with other crackmes.

—>> path 2:
1. Course for Newbies: very basic assembler, SICE usage, basic techniques.
   Lessons for N: a collection of 4 lessons with material that explains what the things you see mean when you start reversing a program.
2.
3. (note: material for learning languages is in the appropriate section!)
4.
5. WinDBG
6.

CrackZ's Reverse Engineering Page (1997-2010).

Contact Me
E-Mail: CrackZ__(at)hotmail(dot)com (note 2 underscores). ICQ: #131635002. IRC: #cracking4newbies, EFnet. I welcome all of your comments, source code, information, scene news, Shania Twain concert tickets, suggestions & tutorial submissions, even the 404 reports which I will try to fix.

Legal Notice
After several legal problems, I am obliged to point out that this site is an information resource and copyrighted original work by the author.

Message Boards
The latest trend in our community seems now to be the 'Message Board'; probably many of these existed a long time before I stumbled across them.
- ExeTools Forum - Although the ExeTools site itself is now fairly out of date, the forum lives on and is frequented by some of the best (and worst) in the 'scene' for unpacking and tooling matters.
- Hex-Rays Forum - IDA's forum, now requires a login.
- The RCE Forums - Formerly +Fravia's Message Board (R.I.P), now hosted long-term by Woodmann.

Reverse Engineering Team

The Kernel Boot Process

The previous post explained how computers boot up right up to the point where the boot loader, after stuffing the kernel image into memory, is about to jump into the kernel entry point. This last post about booting takes a look at the guts of the kernel to see how an operating system starts life. Since I have an empirical bent I’ll link heavily to the sources for Linux kernel 2.6.25.6 at the Linux Cross Reference.

At this point in the Intel x86 boot story the processor is running in real-mode, is able to address 1 MB of memory, and RAM looks like this for a modern Linux system:

[Figure: RAM contents after boot loader is done]

The kernel image has been loaded to memory by the boot loader using the BIOS disk I/O services. The action starts in the real-mode kernel header pictured above.

Architecture-specific Linux Kernel Initialization

The early kernel start-up for the Intel architecture is in file arch/x86/boot/header.S. decompress_kernel() prints the familiar “Decompressing Linux…” message.
