Full Disclosure mailing list archives

High-Level Reverse Engineering whitepaper


From: "Andy Davis" <andy.davis () irmplc com>
Date: Mon, 1 Oct 2007 17:58:50 +0100

This paper aims to present a methodical framework for high-level reverse
engineering. The methodology is a culmination of existing tools and
techniques within the IT security research community, which presents
ways to identify process operation at a higher level of abstraction than
traditional binary reversing. Here, we focus our attention on
application DLLs and the functions that they implement and export, which
includes process interactions with other applications and various
operating system function calls. We use existing tools and techniques to
derive ways of quickly identifying how applications are constructed, the
functions that they use and how they use them. Following this high-level
reverse engineering, the researcher is then free to take further steps
at reversing specific functions with the more traditional lower-level
binary analysis.

The key tools required and used throughout the methodology are the
Universal Hooker (uhooker) by Core Security Technologies [1], the
Interactive Disassembler (IDA) [2] and the OllyDbg debugger [3]. It is
assumed that the reader is already familiar with these tools. Further
information on these tools and their operation can be found in the
references section at the end of this document.

The full paper can be downloaded here:

http://www.irmplc.com/index.php/69-Whitepapers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
