Hak5 Episode 2: Reverse Engineering Part 1

Hey guys.  Hope ya liked the episode.  I was trying not to go too fine-grained, while also covering the basics.  I think it's important to note that, with most of the really technical segments, unless it's something being built (either hardware or software), it's hard to go in depth enough to feel satisfied unless it's a 30-minute segment.  I strongly encourage you guys to use Google to find more information, and to do research.  You won't learn enough to be too dangerous without fully understanding the theory yourself.  Thanks for watching!!!!

In part 1 of Reverse Engineering I go over some basic theory and demo some tools associated with the Crackme scene of reverse engineering.  This is not hardcore reverse engineering that will get you on the RELOADED team, but it’s a nice peek into things.

Tools of the trade (there are MANY MANY more):

WINDASM (W32DASM):  I cannot link you to anything official as it’s no longer obtainable from the original vendor, so you’ll have to google for it.  Be wary of any copy you download, virus scan it, and run it in a VM or on an isolated machine first.  No guarantees.

IDA Pro:  Industry standard.  Extremely useful for almost any kind of file.  We demo the older free version for lack of $500.
OllyDbg:  Debugger similar to IDA Pro
PEiD:  Detects packers, cryptors, and compilers.
.NET Reflector:  Typically used for disassembling .NET applications.

Big Endian is akin to SONAR being sent as SON AR
Little Endian is akin to SONAR being sent as AR SON

Registers = variables
32 bit = e prefix: eax, ebx, ecx, edx, edi, esi, esp, ebp
16 bit = no prefix, the lower half of the 32-bit register: ax, bx, cx, dx, di, si, sp, bp
8 bit:  al, ah, bl, bh, cl, ch, dl, dh.  l means the lower 8 bits of the 16-bit register, h means the higher 8 bits
Flags = boolean values, 1 or 0.  The zero flag, for example, is either clear (0) or set (non-zero, 1).
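A worked illustration of the two notes above (byte order, and how the 8/16-bit registers overlap the 32-bit one), added here as an example and not part of the original show notes.  The memory dump is constructed, and the `Regs` class is a toy model of eax/ax/al/ah, not any debugger's real API.

```python
import struct

def to_bytes(value, order):
    """Serialize a 32-bit value as 4 bytes, big- or little-endian."""
    fmt = ">I" if order == "big" else "<I"
    return struct.pack(fmt, value & 0xFFFFFFFF)

def read_dword_le(dump, offset):
    """Read a 32-bit value from a dump the way an x86 debugger does:
    the lowest-addressed byte is the least significant byte."""
    return struct.unpack_from("<I", dump, offset)[0]

# Constructed dump: the ASCII bytes 'S','O','N','A' sit at offset 4.
# On x86 the dword there reads as 0x414E4F53, i.e. the bytes appear
# reversed compared with how they are laid out in memory.
DUMP = b"\x00\x00\x00\x00" + b"SONA" + b"\xEF\xBE\xAD\xDE"

class Regs:
    """Toy model (not a real API) of eax and the ax/al/ah views onto it."""
    def __init__(self, eax=0):
        self.eax = eax & 0xFFFFFFFF

    @property
    def ax(self):          # low 16 bits of eax
        return self.eax & 0xFFFF

    @property
    def al(self):          # low 8 bits of ax
        return self.eax & 0xFF

    @property
    def ah(self):          # high 8 bits of ax
        return (self.eax >> 8) & 0xFF

    def set_al(self, v):   # writing al leaves bits 8..31 of eax untouched
        self.eax = (self.eax & 0xFFFFFF00) | (v & 0xFF)

    def set_ah(self, v):   # writing ah leaves bits 0..7 and 16..31 untouched
        self.eax = (self.eax & 0xFFFF00FF) | ((v & 0xFF) << 8)

if __name__ == "__main__":
    print(to_bytes(0x11223344, "big"), to_bytes(0x11223344, "little"))
    print(hex(read_dword_le(DUMP, 4)), hex(read_dword_le(DUMP, 8)))
    r = Regs(0x11223344)
    r.set_al(0xAA)
    print(hex(r.eax), hex(r.ax), hex(r.ah), hex(r.al))
```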

The idea is to debug and disassemble to find out exactly how a program works, thereby enabling you to modify characteristics of that program to suit your needs.

In Part 2 we finish these notes and actually show you how to navigate through code.



This entry was posted on Wednesday, September 10th, 2008 and is filed under Hak5ShowNotes.
