Reverse engineering (2025)
Software reverse engineering is the art of analyzing how a program works without having access to its source code. It is used in various contexts, such as analyzing malware, detecting vulnerabilities, analyzing execution performance, and rewriting a program whose source code has been lost…
Two approaches can be used to reverse engineer a program: dynamic analysis and static analysis. Dynamic analysis evaluates a program's behavior while it is running, whereas static analysis examines the code without executing it. The two are independent of each other and complementary: each reveals things the other cannot.
Regardless of the techniques used, a basic understanding of assembly language is essential.
Tools for binary analysis (ELF/PE)
Dynamic analysis

On Linux

strace: monitors and records all system calls made by a program
ltrace: monitors and records the library function calls made by a program
gdb: the GNU Debugger, a powerful command-line debugger
edb: a cross-platform, Qt-based debugger
lsof: lists all open files and network connections

On Windows

NtTrace: monitors and logs all Windows API calls made by a program
OllyDbg: an assembler-level analyzing debugger
TCPView: provides detailed listings of all TCP and UDP endpoints on your system
DiskMon: a system utility that logs and displays all hard disk activity
PortMon: a system utility for monitoring and logging serial and parallel port activity
Process Monitor: an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity

Static analysis

On Linux