Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Reverse Engineering Binary analysis: concepts, methods and tools. Catalin Patulea Mar 5, 2008.

Published byChristal Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "Software Reverse Engineering Binary analysis: concepts, methods and tools. Catalin Patulea Mar 5, 2008."— Presentation transcript:

1 Software Reverse Engineering Binary analysis: concepts, methods and tools. Catalin Patulea http://vv.carleton.ca/~cat/ Mar 5, 2008

2 Overview Blackbox analysis Whitebox analysis Surgical analysis aka. names-I-made-up-to-split-up-this-talk- into-multiple-sections

3 Relevance Malware analysis, signature and countermeasure creation Detecting IP infringement Compatibility –Protected by law in certain countries Backup copies –Teehee.. ;) “How’d it do that!?” Learning?

4 Blackbox Analysis Analyze the binary’s interaction with the OS –Files, registry, network Usually only good as a first idea of what you’re dealing with –Does it keep a log? Where does it keep user settings? Does it “call home”? Helps to keep the rest of the analysis bounded –After all, the binary can’t do any anything without the OS’ help

5 Blackbox Tools Dependency Walker Oleview Process Explorer FileMon RegMon Wireshark strace Google it, Luke!

6 Blackbox Demo

7 Whitebox Analysis Except for the simplest binaries, you have to get your hands dirty Convert the binary into assembly code (disassemble it), read, and understand it Requires intimate knowledge of: –Assembly language –Operating system interfaces –Calling conventions –Typical instruction sequences and their meaning –etc.

8 Whitebox Analysis: Challenges Binaries over a few hundred KB (depending on your comfort level and your disassembler) become very time- consuming Some binaries are obfuscated –Packing (ala UPX, PECompact, ASPack) – very common –Polymorphism (Morphine) – typically found in malware

9 Whitebox Analysis: Demo UPX DataRescue’s IDA Pro

10 Surgical Analysis Context is as important as the code itself –Knowing the value of a particular register at some point can be crucial –Helps to determine code paths, program state Potentially dangerous (malware) as it involves running the binary on your computer –Could run inside insolated VM (sometimes inconvenient) Debuggers allow us to control the execution flow of the binary –Microsoft-provided symbol files help understand OS interaction

11 Surgical Analysis: Demo Visual Studio OllyDbg IDA Pro

Download ppt "Software Reverse Engineering Binary analysis: concepts, methods and tools. Catalin Patulea Mar 5, 2008."

Similar presentations

Pokas x86 Emulator for Generic Unpacking By Amr Thabet

Pokas x86 Emulator for Generic Unpacking By Amr Thabet
An Overview Of Virtual Machine Architectures Ross Rosemark.

An Overview Of Virtual Machine Architectures Ross Rosemark.
Prepared by Arch PhD Antonino Di Raimo UNIVERSITETI POLIS SHKOLLA NDERKOMBETARE E ARKITEKTURES DHE POLITIKAVE URBANE Write the shape! (An introduction.

Prepared by Arch PhD Antonino Di Raimo UNIVERSITETI POLIS SHKOLLA NDERKOMBETARE E ARKITEKTURES DHE POLITIKAVE URBANE Write the shape! (An introduction.
Systems Software.

Systems Software.
RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.
Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.

Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.
2008 - Nov 1 Deadlock Hunter Project Software Engineering Lab. Winter 07/08 Supervised by: Yonatan Kaspi Yonatan Kaspi Introduced by: Jamil Shehadeh Husam.

Nov 1 Deadlock Hunter Project Software Engineering Lab. Winter 07/08 Supervised by: Yonatan Kaspi Yonatan Kaspi Introduced by: Jamil Shehadeh Husam.
CS 536 Spring 20011 Intermediate Code. Local Optimizations. Lecture 22.

CS 536 Spring Intermediate Code. Local Optimizations. Lecture 22.
SRE  Introduction 1 Software Reverse Engineering (SRE)

SRE  Introduction 1 Software Reverse Engineering (SRE)
Course: Introduction to Computers

Course: Introduction to Computers
Types of software. Sonam Dema..

Types of software. Sonam Dema..
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.
Computer Organization

Computer Organization
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
© Janice Regan, CMPT 128, Jan. 2007 0 CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.
COMPUTER SOFTWARE Section 2 “System Software: Computer System Management ” CHAPTER 4 Lecture-6/ T. Nouf Almujally 1.

COMPUTER SOFTWARE Section 2 “System Software: Computer System Management ” CHAPTER 4 Lecture-6/ T. Nouf Almujally 1.
Application Security Tom Chothia Computer Security, Lecture 14.

Application Security Tom Chothia Computer Security, Lecture 14.
Software Construction and Evolution - CSSE 375 Reverse Engineering Tools and Techniques Shawn & Steve Left – Reengineering from the competition can be.

Software Construction and Evolution - CSSE 375 Reverse Engineering Tools and Techniques Shawn & Steve Left – Reengineering from the competition can be.
Introduction Telerik Software Academy Software Quality Assurance.

Introduction Telerik Software Academy Software Quality Assurance.

Similar presentations

Ads by Google