Software Reverse Engineering Binary analysis: concepts, methods and tools. Catalin Patulea Mar 5, 2008.

Overview
Blackbox analysis
Whitebox analysis
Surgical analysis
aka. names-I-made-up-to-split-up-this-talk-into-multiple-sections

Relevance
Malware analysis, signature and countermeasure creation
Detecting IP infringement
Compatibility
–Protected by law in certain countries
Backup copies
–Teehee.. ;)
“How’d it do that!?”
Learning?

Blackbox Analysis
Analyze the binary’s interaction with the OS
–Files, registry, network
Usually only good as a first idea of what you’re dealing with
–Does it keep a log? Where does it keep user settings? Does it “call home”?
Helps to keep the rest of the analysis bounded
–After all, the binary can’t do anything without the OS’ help

Blackbox Tools
Dependency Walker
Oleview
Process Explorer
FileMon
RegMon
Wireshark
strace
Google it, Luke!
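The blackbox questions above (does it keep a log, where are the user settings, does it call home) as a worked example: an added Python script, not from the talk, that reduces strace output to what the program read, wrote, failed to open and connected to. The sample trace, its pid, paths and the 203.0.113.10 address are constructed, and the LOADER_NOISE prefixes are an assumed filter for loader activity every traced process shows.

```python
import re

# Constructed strace -f output for a hypothetical program (not a real capture).
SAMPLE_STRACE = """\
1234  execve("./sample", ["./sample"], 0x7ffd1234 /* 20 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/home/user/.config/sample/settings.ini", O_RDONLY) = 3
1234  openat(AT_FDCWD, "/home/user/.local/share/sample/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
1234  openat(AT_FDCWD, "/home/user/.config/sample/missing.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
1234  connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
1234  connect(6, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ECONNREFUSED (Connection refused)
"""

OPEN_RE = re.compile(r'openat\(\w+, "([^"]+)", ([A-Z_|]+)(?:, \d+)?\) = (-?\d+)')
CONNECT_RE = re.compile(r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
                        r'sin_addr=inet_addr\("([^"]+)"\)\}, \d+\) = (-?\d+)')
# Loader and library lookups appear in every traced process; dropping them keeps the picture bounded.
LOADER_NOISE = ("/etc/ld.so.cache", "/lib/", "/lib64/", "/usr/lib/")

def summarize_strace(text: str) -> dict:
    """Group the OS interaction into reads, writes, failed opens and network connections."""
    summary = {"reads": [], "writes": [], "missing": [], "connects": [], "noise": 0}
    for line in text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            path, flags, ret = m.group(1), m.group(2).split("|"), int(m.group(3))
            if path.startswith(LOADER_NOISE):
                summary["noise"] += 1
            elif ret < 0:
                summary["missing"].append(path)        # probed but absent: config it looks for
            elif {"O_WRONLY", "O_RDWR", "O_CREAT"} & set(flags):
                summary["writes"].append(path)         # candidate log or settings store
            else:
                summary["reads"].append(path)
            continue
        m = CONNECT_RE.search(line)
        if m:
            port, ip, ret = int(m.group(1)), m.group(2), int(m.group(3))
            summary["connects"].append((ip, port, ret == 0))
    return summary

def calls_home(summary: dict) -> bool:
    """'Does it call home?': any outbound connection attempt, successful or not, counts."""
    return bool(summary["connects"])
```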

Blackbox Demo

Whitebox Analysis
Except for the simplest binaries, you have to get your hands dirty
Convert the binary into assembly code (disassemble it), read, and understand it
Requires intimate knowledge of:
–Assembly language
–Operating system interfaces
–Calling conventions
–Typical instruction sequences and their meaning
–etc.

Whitebox Analysis: Challenges
Binaries over a few hundred KB (depending on your comfort level and your disassembler) become very time-consuming
Some binaries are obfuscated
–Packing (à la UPX, PECompact, ASPack) – very common
–Polymorphism (Morphine) – typically found in malware

Whitebox Analysis: Demo
UPX
DataRescue’s IDA Pro

Surgical Analysis
Context is as important as the code itself
–Knowing the value of a particular register at some point can be crucial
–Helps to determine code paths, program state
Potentially dangerous (malware) as it involves running the binary on your computer
–Could run inside an isolated VM (sometimes inconvenient)
Debuggers allow us to control the execution flow of the binary
–Microsoft-provided symbol files help understand OS interaction

Surgical Analysis: Demo
Visual Studio
OllyDbg
IDA Pro