Chapter 11. Reverse Engineering and Program Analysis

There are a lot of reasons you may want to understand how a program is put together and how it operates as a process. One of these is to understand how to identify potential vulnerabilities and exploits in the application. Another reason, which may come easily to mind when you hear the term reverse engineering, is to look at malicious software to understand what it does. While there are other ways of handling malware investigations, it can be highly rewarding to dig into the guts of the program to understand what it does at the machine code level. This isn’t very straightforward, though—at least not as straightforward as looking at a more common type of software.

As with so many other security-related functions, Kali has tools available for reverse engineering. However, using those tools will be easier if you understand some of the underlying concepts: how the operating system manages the memory used by programs, and how programs are laid out in memory when they become processes.

Along the way, we will also touch on other tools that are useful not only for reverse engineering but also for more common practices like software development, simply because they are good for observing programs in operation. This can help us understand where there are issues in a program, including vulnerabilities as well as non-security-related bugs. Knowing how to use a debugger is a useful skill to have, whether you are trying ...

Get Learning Kali Linux, 2nd Edition now with the O’Reilly learning platform.