x86 Software Reverse-Engineering, Cracking, and Counter-Measures
by Stephanie Domas, Christopher Domas
CHAPTER 6 Analyzing and Debugging Assembly Code
Earlier chapters focused on the theory and fundamentals of reverse engineering. Learning how x86 works and common instruction formats is essential to success.
This chapter takes a hands-on approach to reverse engineering and software cracking. It introduces gdb, a powerful debugger, and explores some important tips and tricks for software reverse engineering and cracking.
Binary Analysis
Analyzing existing executables makes up a great deal of reverse engineering. Binary analysis can be accomplished in a few different ways, including static and dynamic analysis and debugging.
Static and Dynamic Analysis
A program's functionality can be analyzed in a few different ways. Two of the main techniques are static and dynamic analysis.
Static analysis involves analyzing the source code without ever running it. Static analysis has a few advantages, including the following:
- Good starting point for further analysis
- Risk-free method of analyzing potential malware
- No need for access to specialized architectures
Static analysis has its advantages, one of the biggest being that it is always an option. But it can be time-consuming and won't catch everything. There will always be pieces of code that are meaningful only at runtime. When analyzing complex code without watching it run, it can be difficult or impossible to anticipate where something like a jump might go. Also, many code flows are dictated by the input given to the program, so ...
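The point about jumps whose destination is known only at runtime, shown as an added example (not code from the book): the handler names, the hash in `select_index` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>

/* Illustrative handlers (hypothetical names, constructed for this example).
 * Each one stands for a different code path in a larger program. */
static int path0(int x) { return x + 10; }
static int path1(int x) { return x + 20; }
static int path2(int x) { return x + 30; }
static int path3(int x) { return x + 40; }

typedef int (*handler_fn)(int);
static const handler_fn table[4] = { path0, path1, path2, path3 };

/* The table index is derived from the input bytes. A disassembler shows
 * this arithmetic, but the resulting value exists only once the program
 * runs with a concrete input. */
unsigned select_index(const char *input) {
    unsigned h = 0;
    for (; *input; input++)
        h = h * 31u + (unsigned char)*input;
    return h & 3u;
}

/* The call through `target` is typically emitted as an indirect call
 * (the address is loaded from the table into a register). Reading the
 * listing alone gives four candidate destinations; which one is taken
 * is decided by the input. */
int dispatch(const char *input, int x) {
    handler_fn target = table[select_index(input)];
    return target(x);
}

int main(int argc, char **argv) {
    const char *input = argc > 1 ? argv[1] : "";
    printf("input \"%s\" -> table[%u] -> result %d\n",
           input, select_index(input), dispatch(input, 1));
    return 0;
}
```

Run under a debugger such as gdb with a breakpoint on `dispatch`, the resolved value of `target` is visible for the input supplied, which is the information the static listing cannot give.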