
[NOOBHACK] Reverse engineering techniques and know-how

Hello everybody, I'm NOOBHACK. Today I'll share techniques and know-how for reverse engineering.

First, reversing has a very broad scope, so we need to approach it with various methods.

1. Static analysis + dynamic analysis

You need techniques for both static analysis and dynamic analysis, because using only one of them reduces analysis efficiency. In my case, I use Ghidra as the static analysis tool and x64dbg/x32dbg as the dynamic analysis tool. I don't use IDA, because the tool is expensive. In addition, the free version of IDA can't convert assembly to C, so I don't use IDA.

When combining dynamic analysis and static analysis, you need to be careful about ASLR memory protection.

ASLR is a protection that makes attacks more difficult. So when you reverse a program by combining static and dynamic analysis, you need to check the ASLR memory address (the address the program was actually loaded at). How do you check the ASLR memory address?

For example, if you want to view the ASLR memory address in x64dbg, do it like this:

1. Navigate to the Memory category in x64dbg.

2. Find the line for the program you are analyzing.

The left column is the ASLR address (where the program was loaded), and the next column is the program's size.

But when ASLR is not applied, the left column shows the address of the IMAGE_DOS_HEADER (the program's default image base).

In the case of Ghidra, there is no need to check the ASLR memory address, because Ghidra shows the program at its default image base.
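The following is an added helper, not code from the author or from the tools named above. It does the static side of the check this section describes: it reads a PE file's preferred ImageBase and its DllCharacteristics bits to tell whether the program will be relocated by ASLR, then rebases an address from the Ghidra listing onto the load base you read from x64dbg's Memory category. The header bytes, the Ghidra address and the 0x7FF6A0000000 runtime base are constructed sample values, not winmine's.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image may be relocated (ASLR)
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA: 64-bit high-entropy ASLR

def parse_pe_base_info(data: bytes) -> dict:
    """Read the preferred ImageBase and the ASLR bits from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # IMAGE_DOS_HEADER.e_lfanew
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                                  # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                       # PE32+ (64-bit): 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                                     # PE32 (32-bit): 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics (same offset in both)
    return {"image_base": image_base,
            "aslr": bool(dll_chars & DYNAMIC_BASE),
            "high_entropy": bool(dll_chars & HIGH_ENTROPY_VA)}

def rebase(static_addr: int, image_base: int, runtime_base: int) -> int:
    """Map an address from the static listing (Ghidra, preferred base) to the live process (x64dbg)."""
    return static_addr - image_base + runtime_base

def build_sample_pe(image_base: int, dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal header (NOT a real program) holding only the fields parse_pe_base_info reads."""
    buf = bytearray(0x58 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                  # e_lfanew -> PE signature at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 4 + 20                                      # 0x58
    if pe32plus:
        struct.pack_into("<H", buf, opt, 0x20B)
        struct.pack_into("<Q", buf, opt + 24, image_base)
    else:
        struct.pack_into("<H", buf, opt, 0x10B)
        struct.pack_into("<I", buf, opt + 28, image_base)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    info = parse_pe_base_info(build_sample_pe(0x140000000, DYNAMIC_BASE | HIGH_ENTROPY_VA))
    # 0x7FF6A0000000 stands in for the base you would read from x64dbg's Memory category.
    print(info, hex(rebase(0x140001234, info["image_base"], 0x7FF6A0000000)))
```

When the "aslr" flag is False, the x64dbg base equals the header's ImageBase and rebase() returns the Ghidra address unchanged.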

2. Use Cheat Engine

Cheat Engine is a very good tool. It is very useful when tracing a specific value. The tool is commonly used together with a dynamic analysis tool. Here's how to use a dynamic analysis tool and Cheat Engine together.

First, open the program you want to analyze in a dynamic analysis tool.

In my case, I analyzed winmine.

Second, run Cheat Engine and select the program you are analyzing.

Good. Now we can combine Cheat Engine and the dynamic analysis tool!

3. Applications of GPT

GPT is also a very useful tool! Using GPT shortens the time spent Googling. But GPT is not unconditionally better than Google. If you can read English, you can access a wealth of information! In my case, when I studied a function, I used Google more than GPT!
