Best Blackhat Forum

Full Version: Reverse Engineering | Tutorials | Tools | Easy for Newbies!
So you want to be a Reverser? This is the best tutorial with the best tools ever coupled!!


What is Reverse Engineering?
-Reverse engineering, also called back engineering, is the process of extracting knowledge or design information from anything man-made and re-producing it or reproducing anything based on the extracted information. (Thanks Wikipedia)


So here we go

I am a noob reverser. I learned much from all this :) I hope you do too.

TUTORIALS

Code:
http://www.mediafire.com/download/y4lqw2ywc7opm57/%5Brenhoax%5Dsnd-reversingwithlena-tutorials.rar

*What does it contain?

01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems  
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. "The plain stupid patching method", searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly's "pane window"
12. Guiding a program by multiple patching.  
13. The use of API's in software, avoiding doublechecking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors : an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime and unpacking armadillo standard protection
26. Machine specific loaders, unpacking and debugging armadillo
27. tElock + advanced patching
28. Bypassing and killing server checks
29. Killing and inlining a more difficult server check
30. SFX, Run Trace and more advanced string searching
31. Delphi in Olly and DeDe
32. Author tricks, HIEW and approaches in inline patching
33. The FPU, integrity checks and loader versus patcher
34. Reversing techniques in packed software and a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning <--- (This one I liked the most)
37. In-depth unpacking and anti-anti-debugging a combination packer / protector
38. Unpacking continued and debugger detection by DLL's and TLS
39. Inlining a blowfish scheme in a packed and CRC protected dll

Tools

Signature Scanners:
PEiD - http://bob.droppages.com/Projects/PEiD

API Loggers:


API Monitor - http://www.rohitab.com/apimonitor
WinAPIOverride - http://jacquelin.potier.free.fr/index.php
Process Monitor - http://technet.microsoft.com/en-us/sysin...s/bb896645

Debuggers/Disassemblers:


OllyDbg - http://www.ollydbg.de/
IDA Pro - https://www.hex-rays.com/products/ida/index.shtml
WinDBG - http://msdn.microsoft.com/en-us/windows/...e/hh852365
W32DASM - https://tuts4you.com/download.php?view.1138

Decompilers:

.NET:
.NET Reflector - http://www.red-gate.com/products/dotnet-...reflector/
dotPeek - http://www.jetbrains.com/decompiler/
Telerik JustDecompile - http://www.telerik.com/products/decompiler.aspx
ILSpy - http://ilspy.net/

VB 6:
VB Decompiler - http://www.vb-decompiler.org/

Delphi:
DeDe - http://www.softpedia.com/get/Programming...DeDe.shtml

C:
Boomerang - http://boomerang.sourceforge.net/

Automated Analysis:

Offline:
SysAnalyzer - http://www.woodmann.com/collaborative/to...ysAnalyzer

Online:
Anubis - http://anubis.iseclab.org/
ThreatExpert - http://www.threatexpert.com/filescan.aspx
GFI Sandbox™ (formerly CWSandbox)

Virtual Machines/Sandboxes:

VMware Workstation - http://www.vmware.com/products/workstation
Sandboxie - http://www.sandboxie.com/

Packet Sniffers:


Wireshark - https://www.wireshark.org/
TCPView - http://technet.microsoft.com/en-us/sysin...97437.aspx

PE Editors:


CFF Explorer - http://ntcore.com/exsuite.php
PEditor - http://www.softpedia.com/get/Programming...itor.shtml

Hex Editors:

HxD - http://mh-nexus.de/en/hxd/
HexEdit - http://www.hexedit.com/

Misc:


Sysinternals Suite - http://technet.microsoft.com/en-us/sysin...42062.aspx
Hex Calculator - http://www.hexprobe.com/hpmbcalc/index.htm
Process Explorer - http://technet.microsoft.com/en-us/sysin...96653.aspx


While I'm sure that some of these are outdated, it should at least give you a head start (by pointing you in the right direction). That doesn't mean, however, that they are ALL outdated.

GIVE me REP++ IF I HELPED :)
Lottsa awesomeness. Max reps.