hacken n cracken

Name: Anonymous 2011-05-20 9:29

So, I never really messed around with disassembling apps, even though I have the curiosity and I have spent enough time programming in C to be able to understand pretty much anything in front of me...

I just found a tutorial that teaches how to breach simple protection loops using W32Dasm... Do you guys have any experience with that? Is there a better way to disassemble and reassemble apps changed after messing it up? Do you have any tips for stuff like that?

The tutorial also mentions a hex editor, but why would you need that after disassembling is beyond me, the tutorial never seems to use it...

Name: Anonymous 2011-05-20 10:53

This thread was closed and replaced with the following:
★Disassembling tinychat.swf with flasm★
Doesn't work.

Name: Anonymous 2011-05-20 10:54

>>1
> tutorial
Stopped lexing right there.

Name: Anonymous 2011-05-20 11:40

>>3
[quote]So, I never really messed around with disassembling apps, even though I have the curiosity and I have spent enough time programming in C to be able to understand pretty much anything in front of me...

I just found a book that teaches how to breach simple protection loops using W32Dasm... Do you guys have any experience with that? Is there a better way to disassemble and reassemble apps changed after messing it up? Do you have any tips for stuff like that?

The book also mentions a hex editor, but why would you need that after disassembling is beyond me, the book never seems to use it...[/quote]

Name: Anonymous 2011-05-20 11:43

>[quote]

Name: Anonymous 2011-05-20 11:47

>[quote]

Name: Anonymous 2011-05-20 11:49

>
>[quote]

Name: Anonymous 2011-05-20 11:50

> > [quote]

Name: Anonymous 2011-05-20 14:55

W32Dasm is deader than SoftIce. IDA, OllyDbg and WinDBG are today's tools.

Go to http://tuts4you.com/, and start with ``Lena's Reversing for Newbies'' or some other beginner stuff.

Name: VIPPER 2011-05-20 15:16

>>9
Shit is old as fuck, but good.
This is what got me into programming. Man, that was so long ago, I still remember that was when I still was a /b/tard and we used to regularly use /b/.

So much changed, I still can't believe I've been here for 5 years.

I only got the first half of the second chapter, maybe I should finish it.

Name: Anonymous 2011-05-20 16:07

>>9
y u use ``faggot'' quotes?

Name: Anonymous 2011-05-20 17:09

> I just found a tutorial that teaches how to breach simple protection loops using W32Dasm...
I don't know what a ``protection loop'' is. Almost nobody uses W32Dasm today.
> Do you guys have any experience with that?
While I have no idea what you mean by ``protection loops'', I do have extensive reverse code engineering experience.
> Is there a better way to disassemble and reassemble apps changed after messing it up?
You don't ``disassemble and reassemble apps''; at least, while you can do that, it's almost always overkill, unless you're writing a software protection or some kind of software protection remover tool, and even then, it may be overkill. Full disassembly and reassembly may even result in broken applications if certain precautions aren't taken. Making the perfect disassembler for x86 code is nearly impossible, but ``good enough'' ones do exist.
> The tutorial also mentions a hex editor, but why would you need that after disassembling is beyond me, the tutorial never seems to use it...
A hex editor is a fairly general and useful tool. I would have a very hard time without it. I'd imagine in your tutorial, you'd need it to patch whatever it is that you want to patch as well as getting a quick overview of the layout of your executable.

> Do you have any tips for stuff like that?
The first tip would be for you to get the Intel processor manuals and read them (if you want to learn to reverse for another platform, do get their official manuals) and then get the documentation for your platform (in this case, for Win32, you'd need MSDN to get yourself familiar with the Win32 API). As you said you already know C, you will need to familiarize yourself with how C translates to assembly and how you can reverse this. Your end-goal is to read assembly and see C code, or at least be able to extract the higher level meaning without having to manually decompile code (there are some automatic decompilers as well, some of which are getting decent these days, but I don't think you'll learn anything by relying on them). As for cracking, it's usually accomplished by patching the code to do what you want (rewrite some small portion). You may also need to learn to unpack/deprotect executables in some cases, but for this, you'll need to understand OS internals, the executable file format as well as many undocumented tricks and various tools-of-the-trade.

General tools:
IDA Pro - generic disassembler, has good heuristics, also has a debugger. Even has a C disassembler called Hex-Rays and is scriptable in its own language and Python. Many plugins.
hiew/biew - decent hex editor, mostly x86/win32 oriented. Other people prefer other hex editors, there is a large choice of them. I like those that let you disassemble/assemble inline, dump/load blocks, perform transformations on data, some parsing and a few other things. A scriptable editor would be 010 Editor.
VMware/VirtualBox/Bochs/... - some virtualization solution, if running unsafe code or want to return to specific old system state.

Platform-specific tools (win32):
OllyDbg - fairly good Win32 debugger, still rather standard despite its bugs, has a huge deal of plugins, many of which you'll need to make full use of its capabilities. It's getting old, especially as it lacks 64-bit support.
WinDBG - if you need to debug kernel-mode code.
Syser - same as previous, more SoftICE-like. SoftICE may also work for you if you use a VM with an old enough OS to be compatible with it.
Resource Hacker - resource editor.
LordPE - a classic dumper/PE editor. Good, once you know its quirks and how to tweak it. Unpacking related.
PETools - a more modern dumper/PE editor, can even dump kernel modules with the right plugins. Unpacking related.
CFF Explorer - modern PE editor, has some .NET-related features.
imprec - import rebuilder. Unpacking related.
relox - relocations rebuilder. Unpacking related.
resfix - resource rebuilder. Unpacking related.
Reflector - .NET decompiler/disassembler
Universal Extractor - collection of installer unpackers.

There are also 64-bit variants of some of those tools, but I didn't include them here, search for them if you happen to reverse x64 code.

There are many other tools, but you probably won't need them except for specific things and you can always search for them when you need them.

Name: Anonymous 2012-12-08 15:32

( ͡° ͜ʖ ͡°)
