Part I  Reversing 101

Chapter 1  Foundations
  What Is Reverse Engineering?
  Software Reverse Engineering: Reversing
  Reversing Applications
    Security-Related Reversing
      Malicious Software
      Reversing Cryptographic Algorithms
      Digital Rights Management
      Auditing Program Binaries
    Reversing in Software Development
      Achieving Interoperability with Proprietary Software
      Developing Competing Software
      Evaluating Software Quality and Robustness
  Low-Level Software
    Assembly Language
    Compilers
    Virtual Machines and Bytecodes
    Operating Systems
  The Reversing Process
    System-Level Reversing
    Code-Level Reversing
  The Tools
    System-Monitoring Tools
    Disassemblers
    Debuggers
    Decompilers
  Is Reversing Legal?
    Interoperability
    Competition
    Copyright Law
    Trade Secrets and Patents
    The Digital Millennium Copyright Act (DMCA)
    DMCA Cases
    License Agreement Considerations
  Code Samples & Tools
  Conclusion

Chapter 2  Low-Level Software
  High-Level Perspectives
    Program Structure
      Modules
      Common Code Constructs
    Data Management
      Variables
      User-Defined Data Structures
      Lists
    Control Flow
    High-Level Languages
      C
      C++
      Java
      C#
  Low-Level Perspectives
    Low-Level Data Management
      Registers
      The Stack
      Heaps
      Executable Data Sections
    Control Flow
  Assembly Language 101
    Registers
    Flags
    Instruction Format
    Basic Instructions
      Moving Data
      Arithmetic
      Comparing Operands
      Conditional Branches
      Function Calls
    Examples
  A Primer on Compilers and Compilation
    Defining a Compiler
    Compiler Architecture
      Front End
      Intermediate Representations
      Optimizer
      Back End
    Listing Files
    Specific Compilers
  Execution Environments
    Software Execution Environments (Virtual Machines)
      Bytecodes
      Interpreters
      Just-in-Time Compilers
      Reversing Strategies
    Hardware Execution Environments in Modern Processors
      Intel NetBurst
      µops (Micro-Ops)
      Pipelines
      Branch Prediction
  Conclusion

Chapter 3  Windows Fundamentals
  Components and Basic Architecture
    Brief History
    Features
    Supported Hardware
  Memory Management
    Virtual Memory and Paging
      Paging
      Page Faults
      Working Sets
    Kernel Memory and User Memory
      The Kernel Memory Space
      Section Objects
      VAD Trees
      User-Mode Allocations
      Memory Management APIs
  Objects and Handles
    Named Objects
  Processes and Threads
    Processes
    Threads
    Context Switching
    Synchronization Objects
    Process Initialization Sequence
  Application Programming Interfaces
    The Win32 API
    The Native API
    System Calling Mechanism
  Executable Formats
    Basic Concepts
    Image Sections
    Section Alignment
    Dynamically Linked Libraries
    Headers
    Imports and Exports
    Directories
  Input and Output
    The I/O System
    The Win32 Subsystem
    Object Management
  Structured Exception Handling
  Conclusion

Chapter 4  Reversing Tools
  Different Reversing Approaches
    Offline Code Analysis (Dead-Listing)
    Live Code Analysis
  Disassemblers
    IDA Pro
    ILDasm
  Debuggers
    User-Mode Debuggers
      OllyDbg
      User Debugging in WinDbg
      IDA Pro
      PEBrowse Professional Interactive
    Kernel-Mode Debuggers
      Kernel Debugging in WinDbg
      NuMega SoftICE
      Kernel Debugging on Virtual Machines
  Decompilers
  System-Monitoring Tools
  Patching Tools
    Hex Workshop
  Miscellaneous Reversing Tools
    Executable-Dumping Tools
      DUMPBIN
      PEView
      PEBrowse Professional
  Conclusion
Part II  Applied Reversing

Chapter 5  Beyond the Documentation
  Reversing and Interoperability
  Laying the Ground Rules
  Locating Undocumented APIs
    What Are We Looking For?
  Case Study: The Generic Table API in NTDLL.DLL
    RtlInitializeGenericTable
    RtlNumberGenericTableElements
    RtlIsGenericTableEmpty
    RtlGetElementGenericTable
      Setup and Initialization
      Logic and Structure
      Search Loop 1
      Search Loop 2
      Search Loop 3
      Search Loop 4
      Reconstructing the Source Code
    RtlInsertElementGenericTable
      RtlLocateNodeGenericTable
      RtlRealInsertElementWorker
      Splay Trees
    RtlLookupElementGenericTable
    RtlDeleteElementGenericTable
    Putting the Pieces Together
  Conclusion

Chapter 6  Deciphering File Formats
  Cryptex
  Using Cryptex
  Reversing Cryptex
  The Password Verification Process
    Catching the "Bad Password" Message
    The Password Transformation Algorithm
    Hashing the Password
  The Directory Layout
    Analyzing the Directory Processing Code
    Analyzing a File Entry
  Dumping the Directory Layout
  The File Extraction Process
    Scanning the File List
    Decrypting the File
    The Floating-Point Sequence
    The Decryption Loop
    Verifying the Hash Value
  The Big Picture
  Digging Deeper
  Conclusion
Chapter 7  Auditing Program Binaries
  Defining the Problem
  Vulnerabilities
    Stack Overflows
      A Simple Stack Vulnerability
      Intrinsic Implementations
      Stack Checking
      Nonexecutable Memory
    Heap Overflows
    String Filters
    Integer Overflows
      Arithmetic Operations on User-Supplied Integers
      Type Conversion Errors
  Case Study: The IIS Indexing Service Vulnerability
    CVariableSet::AddExtensionControlBlock
    DecodeURLEscapes
  Conclusion

Chapter 8  Reversing Malware
  Types of Malware
    Viruses
    Worms
    Trojan Horses
    Backdoors
    Mobile Code
    Adware/Spyware
  Sticky Software
  Future Malware
    Information-Stealing Worms
    BIOS/Firmware Malware
  Uses of Malware
  Malware Vulnerability
  Polymorphism
  Metamorphism
  Establishing a Secure Environment
  The Backdoor.Hacarmy.D
    Unpacking the Executable
    Initial Impressions
    The Initial Installation
    Initializing Communications
    Connecting to the Server
    Joining the Channel
    Communicating with the Backdoor
    Running SOCKS4 Servers
    Clearing the Crime Scene
  The Backdoor.Hacarmy.D: A Command Reference
  Conclusion
Part III  Cracking

Chapter 9  Piracy and Copy Protection
  Copyrights in the New World
  The Social Aspect
  Software Piracy
  Defining the Problem
  Class Breaks
  Requirements
  The Theoretically Uncrackable Model
  Types of Protection
    Media-Based Protections
    Serial Numbers
    Challenge Response and Online Activations
    Hardware-Based Protections
    Software as a Service
  Advanced Protection Concepts
    Crypto-Processors
  Digital Rights Management
    DRM Models
    The Windows Media Rights Manager
    Secure Audio Path
  Watermarking
  Trusted Computing
  Attacking Copy Protection Technologies
  Conclusion

Chapter 10  Antireversing Techniques
  Why Antireversing?
  Basic Approaches to Antireversing
  Eliminating Symbolic Information
  Code Encryption
  Active Antidebugger Techniques
    Debugger Basics
    The IsDebuggerPresent API
    SystemKernelDebuggerInformation
    Detecting SoftICE Using the Single-Step Interrupt
    The Trap Flag
    Code Checksums