Post by Admin on Nov 15, 2007 22:36:27 GMT -5
Hi everyone. For those of you just getting started, or perhaps those of you who are just wondering what RE is, RE is (in my own words):
The intentional modification of data to allow for otherwise unintended operation of an executable.
This is a broad and not entirely accurate definition, but it does describe the general purpose of RE. In layman's terms, it means changing the behavior of a program to allow you to do things it doesn't want you to do. Examples are extending trial periods, removing CD checks (for games), and enabling disabled functions. However, there are practical (legal) applications for RE. Learning to reverse will immensely improve or teach you assembly language skills, debugging skills, and good code practice in your own applications.
There are many freeware/shareware programs that are commonly used while reversing. These programs are well known and hosted, usually, in multiple places. Here is a list of the 5 (ok 6) main ones that are absolutely necessary:
[NOTE: I cannot be held responsible if one of these programs damages your computer. As of this posting they are all working and virus-free, but scan them anyway to be safe.]
1. Ollydbg - www.ollydbg.de
Olly is the standard debugger used by reversers everywhere. In the days of 98 SoftICE was commonly used, but compatibility issues have led many to find this alternative. Due to its popularity in the RE community, many programs have implemented anti-Olly code.
2. IDA 4.3 - www.dirfile.com/downloadnow_ida-pro-freeware-version_freeware.html
IDA 4.3 is a very well written freeware disassembler. Its purpose is to take a binary file and convert it back into readable assembly code, known commonly among reversers as a "deadlisting". This is very useful because it provides otherwise hard-to-obtain info about a binary, such as: strings, API imports/exports, named function calls, etc. Many reversers have different favorites for deadlisting, but this is, in my experience, the best. Another older disassembler that I used to use is W32Dasm, but my tutorials will assume you are using IDA.
3. PEiD - www.softpedia.com/progDownload/PEiD-updated-Download-4102.html
PEiD quickly provides extremely useful info about a binary, such as compressor used, compiler used, and Crypto strings. This is the first thing I run on a binary before doing anything else because it's very difficult to read deadlisted code that has been compressed.
4. HIEW 6.86 - codenow.freesuperhost.com/downloads/hiew_686.zip
HIEW is my personal favorite binary editor. Sure, version 6.86 is outdated, but it's a limitless trial version that has all the functionality you need. What do you use it for? Well, once you've written down all of the offsets that you need to modify, you use this program to actually modify the program and thereby 'crack' it. I will explain the use of this program in my first tutorial.
5. Regmon & Filemon - download.sysinternals.com/Files/Regmon.zip & download.sysinternals.com/Files/Filemon.zip
These programs allow for monitoring of a program's access to the registry and files. They are simple and straightforward to use, so 'nuff said.
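Added example, not from the original post and not code from any of the tools listed. The post mentions writing down offsets from the debugger and then applying them in a hex editor. The catch is that a debugger shows virtual addresses of the loaded image while a hex editor works on file offsets, and the two are only related through the PE section table. The script below parses that table from a minimal PE32 image (constructed inline so it runs offline; the .text section, the image base 0x400000 and the `jz` at VA 0x401010 are all made-up sample data), converts a VA to its file offset, and patches a conditional jump into an unconditional one only after checking that the bytes on disk are the ones it expected to find. That expected-bytes check is the part worth copying: it stops you from corrupting a file when the offset was copied wrong or the binary is a different build.

```python
"""Map a debugger virtual address to a file offset and patch bytes safely.

Added example (not part of the original post). The PE image below is
constructed test data, not a real program.
"""
import struct

IMAGE_BASE = 0x400000  # assumed/constructed: common PE32 default image base


def build_sample_pe():
    """Build a minimal PE32 file with one .text section (constructed data)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE header at 0x40
    # COFF header: i386, 1 section, SizeOfOptionalHeader = 0xE0 (PE32)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # Magic: PE32
    struct.pack_into("<I", opt, 28, IMAGE_BASE)  # ImageBase
    # .text: RVA 0x1000, 0x200 bytes on disk starting at file offset 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                      0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + opt + sec
    header += b"\0" * (0x200 - len(header))
    text = bytearray(0x200)
    # constructed: "jz +5" (74 05) at RVA 0x1010, i.e. VA 0x401010 in the debugger
    text[0x10:0x12] = b"\x74\x05"
    return bytes(header + text)


def parse_pe(data):
    """Return (image_base, sections); each section is (name, rva, vsize, raw_ptr, raw_size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: ImageBase is a 32-bit field at +28
        image_base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:      # PE32+: ImageBase is a 64-bit field at +24
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    sections = []
    table = opt + opt_size    # section table follows the optional header
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, rva, vsize, raw_ptr, raw_size))
    return image_base, sections


def va_to_offset(data, va):
    """Translate a virtual address (as shown in a debugger) to a file offset."""
    image_base, sections = parse_pe(data)
    rva = va - image_base
    for name, sec_rva, vsize, raw_ptr, raw_size in sections:
        if sec_rva <= rva < sec_rva + max(vsize, raw_size):
            delta = rva - sec_rva
            if delta >= raw_size:   # memory-only part of the section (e.g. .bss)
                raise ValueError("VA %#x is in %s but has no bytes on disk" % (va, name))
            return raw_ptr + delta
    raise ValueError("VA %#x is not inside any section" % va)


def patch_file_bytes(data, offset, expected, replacement):
    """Return a patched copy; refuse unless the bytes at offset are exactly `expected`."""
    if len(expected) != len(replacement):
        raise ValueError("patch must not change length")
    actual = data[offset:offset + len(expected)]
    if actual != expected:
        raise ValueError("expected %s at %#x, found %s" % (expected.hex(), offset, actual.hex()))
    out = bytearray(data)
    out[offset:offset + len(replacement)] = replacement
    return bytes(out)


def force_jump(data, va):
    """Turn a short JZ (74 rel8) at `va` into an unconditional short JMP (EB rel8)."""
    off = va_to_offset(data, va)
    rel = data[off + 1:off + 2]               # keep the original displacement
    return patch_file_bytes(data, off, b"\x74" + rel, b"\xEB" + rel)


if __name__ == "__main__":
    sample = build_sample_pe()
    off = va_to_offset(sample, 0x401010)
    patched = force_jump(sample, 0x401010)
    print("VA 0x401010 -> file offset %#x: %s -> %s"
          % (off, sample[off:off + 2].hex(), patched[off:off + 2].hex()))
```

Note that `va_to_offset` only works for the file as it sits on disk. If PEiD tells you the binary is packed, the code you see in Olly after the unpacker has run does not exist in the file at those offsets, so the patch has to go into a dumped and fixed-up copy instead.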