Reverse Engineering

Binary Program Analysis

How to analyze programs without source code? Can I trust a program from an unknown source? What does this malware do? How do I fix bugs in programs that are no longer supported?

To answer these questions, we will gain insights in binary program analysis techniques, namely reverse engineering. We learn how to translate machine code into assembly and reconstruct the code in a higher-level language. For this, the participants gradually learn new concepts and deepen their knowledge in numerous hands-on sessions.

Trainer und Dozenten

Tim Blazytko is a reverse engineer and researcher at the Ruhr-Universität Bochum. His research focus is on novel methods for program analysis in the context of binary application security. Alongside his research, Tim gives trainings and performs security audits as a freelancer.

Voraussetzungen

Inhalt

From C to assembly

  • source Code versus assembly
  • What is a compiler?
  • What is machine code?

x86-64 assembly

  • register and memory access
  • instruction set
  • control flow
  • How to write x86-64 assembly?

Reconstruction of functions

  • reconstructing control and dataflow
  • reconstructing variables
  • reconstructing high-level language constructs (if statements, loops, ...)
  • calling conventions

Reconstruction of data types

  • reconstruction of elementary data types (byte, short, int, ...)
  • recognizing strings
  • local and global variables/data structures
  • pointer
  • reconstructing structs and unions

Static analysis

  • basic blocks
  • control-flow graphs
  • disassembler
  • decompiler
  • state-of-the-art tools

Dynamic analysis

  • debugging
  • single stepping
  • patching
  • state-of-the-art tools