general.md

<- .general ->

_{semantic insight vs implementation detail}

What is Reverse Engineering?

• No one likes reading another person's code. And quite frankly, I enjoy reverse engineering not because I prefer the bloated code generated by software instead. Reverse engineering is more than just reading code. It is about understanding the interactions with different layers of the software stack that are typically abstracted away in higher level programming. It is about understanding how software, that is not your own or not meant to be read by you, works with the rest of the computer system.

Motivation (Anonymous)

• Reversing is like solving a puzzle. You start out at one point, putting piece after piece together until you are stuck then you start another colony somewhere else and slowly the little colonies start growing together. You will be able to see the big picture clearer and clearer with every piece you add to the whole. In the end, you marvel at your work, shows it to others, and enjoys it, tells stories about how you did it and can't wait to start all over again with another one because of the fascinating dynamics and the great fun. Whatever you are doing, enjoy your work, be proud of it, and make it something special.

Semantic Insight vs Implementation Detail

• Higher semantic insight means better overall understanding of the program and how different parts of it interact with each other whereas higher understanding of implementation detail means better overall understanding of how the computer will run the program. Although you gain greater understanding of implementation detail from the program as it gets closer to the zeros and ones that the CPU executes, you also will lose more and more of the program's semantically rich information. For example, in C++ source code you can use access specifier keywords such as public, protected, or private to enforce access restriction to class member functions. But in the corresponding compiled binary, although acess restriction will be enforced, there will be no remanent blatantly indicating which functions are public, which are private, etc... You might be able to guess the original access specifier for a member function by studying how that member function is being used throughout the program whereas from the source code you can tell right away.

---

section overview

---

• Miscellaneous
  • Threads
  • Start IS NOT Main
  • Random Number Generator
  • Endianness
  • Software Breakpoint
  • Hardware Breakpoint
  • Memory Breakpoint

---

further readings

---

• Recommended Websites
  • Reverse Engineering Workshops (@malwareunicorn)
  • Reverse Engineering for Beginners (@OphirHarpaz)
  • Android App Reverse Engineering 101 (@maddiestone)
  • Binary Analysis Course (@LibraAnalysis)
  • ReversingHero
  • martin.vy
  • Azeria Labs
  • XOR06 (same author that made The Legend Of Random)
• Recommended Books
  • Reverse Engineering for Beginners (Dennis Yurichev)
  • Practical Reverse Engineering
  • Practical Malware Analysis
  • Practical Binary Analysis
  • xchg rax, rax
• Recommended Forums
  • 0x00SEC
  • BinaryNinja's Slack Channel
  • Reverse Engineering's subreddit
  • Reverse Engineering's StackExchange
• Recommended YouTubers
  • GynvaelEN
  • Murmus CTF
  • Give Academy
  • LiveOverflow
  • BinaryAdventure
  • MalwareAnalysisForHedgehogs
  • L!NK
  • OALabs
• Recommended Magazines
  • Paged Out!
  • POC||GTFO
• Full-Stack Reverse Engineer: @daeken's steps to getting the base knowledge for reversing anything (video presentation)
• Program Analysis Reading List (@RolfRolles)

.encodings <- RERM -> .tools