Question
In my case it's written in C/C++, if that matters.
Answer 1:
IDA rocks. IDA Disassembler
Answer 2:
Most reversers are still gurus. You should first ask yourself: why am I reversing?
There are a few main reasons I can think of.
- You are trying to crack a copy protection mechanism, pirate software, or cheat in a video game.
- You work for an Antivirus Company and need to understand the virus or the latest threat. Or are a government trying to prevent war or espionage.
- You are beginning in programming, and are erroneously taking the approach of learning by tinkering.
- You are a competitor and cannot figure out something (usually small) that they did.
In all of these cases, the true objective is small (a single algorithm, for example), even though the amount of code is large.
#1 Hacking / Cracking / and Cheating
This is pretty easy actually. You just need to defeat the multiple anti-circumvention measures, without getting caught. The penalties for getting caught are high: DMCA violations, getting your CD key banned from the game, lawsuits... Any good debugger will do. Wikipedia has a good article on Windows debuggers. Some are free, some are not. Be sure to enable all anti-circumvention measures and hack with your network disabled.
#2 Professional Researcher
They have asked what you asked, a long time ago.
#3 Beginner Programmer
Computer programming is not for the "this looks easy, I'll figure it out" types... Even the most experienced programmers fail without documentation, samples, and examples. At the least, understand the Windows API; the docs are on MSDN.microsoft.com. This will teach you what you need to know.
#4 Competitor
This is the most debated form of reverse engineering. You will need extensive knowledge of the APIs used in the system. In this case, you need to know some of the Windows APIs by heart. If you don't, reversing a competitor's code will be very difficult. What you do is make an educated guess about which known API the program must use to do a specific task.
For example, if it prints a message box to the screen, set a breakpoint on the Windows API MessageBoxW. Then look at the call stack to see where the code was executed from in the program, and step back through the code (with your brain..) and figure out what you need to know.
Reverse engineering takes hours
Antivirus authors have likely automated the Windows API (which could take years) to look for stuff that is common in malicious code. Tools that are under $100 are usually not very automated, so you'll use your brain a lot.
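The breakpoint-and-call-stack workflow from the competitor section, written out as a WinDbg session. This is an added example, not part of the original answer; it assumes a 32-bit target started under WinDbg (the x64 register form is noted in the comments) and that Microsoft's public symbol server is reachable.

```windbg
* Lines starting with "*" are WinDbg comments. First make user32 exports resolve by name.
.sympath srv*C:\symbols*https://msdl.microsoft.com/download/symbols
.reload

* Confirm the export we want to trap is present in the loaded user32.dll.
x user32!MessageBox*

* Break on both the ANSI and wide variants, since we do not yet know which one the target uses.
bp user32!MessageBoxA
bp user32!MessageBoxW
g

* --- at the breakpoint ---
* kb shows the stack with the first three arguments of each frame; the first frame whose
* module is the target (not user32/kernel32) is where the message box is requested.
kb

* Read the text argument to match the break to the dialog you saw on screen.
* x86 stdcall at function entry: [esp] = return address, [esp+4] = hWnd, [esp+8] = lpText
du poi(@esp+8)
* x64 equivalent (arguments in registers: rcx = hWnd, rdx = lpText, r8 = lpCaption):
* du @rdx

* Disassemble backwards from the return address to see the code that set up the call.
ub poi(@esp) L10

* Step out of the API (gu = go up) and continue single-stepping in the caller.
gu
p

* Once you know which variant is used, a logging breakpoint records every call and
* keeps running (gc = go from conditional breakpoint), so you can map all call sites first.
bp user32!MessageBoxW ".echo --- MessageBoxW ---; du poi(@esp+8); kb; gc"
g
```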
Answer 3:
You missed a few more reasons: curiosity to learn how things are done where they are not publicly documented (sometimes it's the Himalayas appeal for us nerds out there: why do it? because it's there), and mistrust/paranoia: are they doing the right thing, are they ethical to the mass populace? All the ones you listed are probably the more common, though, sadly.
It is a lot of effort, but if the reason is learning, any tool is good. I am definitely no guru (some of the people I have seen out there are oh so fast), but I find that if you take the approach of decompiling and copying a section at a time, in essence re-writing the system while stubbing calls that have not yet been copied, you can reverse the design and determine the algorithms used.
Answer 4:
OllyDbg is another free tool for reverse-engineering on Windows alongside IDA. You can find plenty of tutorials and plugins, scripts etc. from Tuts 4 You for both tools ("Lena's reversing for newbies" series is a great introduction to using Olly).
Source: https://stackoverflow.com/questions/3633488/whats-the-best-practice-to-reverse-engineering-a-binary-file-in-windows