考虑进入逆向工程/反汇编
假设对常见 CPU 架构(例如:x86)上的汇编有很好的了解,那么如何探索进入逆向工程领域的潜在路径(职业、乐趣和利润等)?那里的教育指南太少了,所以很难理解它现在有什么潜在用途(例如:搜索缓冲区溢出漏洞是否仍然很常见,或者堆栈监视程序是否会使它过时?)。我不是在寻找任何分步程序,只是寻找一些相关信息,例如有关如何有效查找程序特定区域的提示。贸易中的基本事情。以及它目前的用途。
回顾一下,逆向工程目前有哪些用途?以及如何找到一些关于如何学习交易的基本信息(同样,它不必是一步一步的,任何可以通过线索的东西都会有帮助)。
Assuming a decent understanding of assembly on common CPU architectures (eg: x86), how can one explore a potential path (career, fun and profit, etc) into the field of reverse engineering? There is so little educational guides out there so it is difficult to understand what potential uses this has today (eg: is searching for buffer overflow exploits still common, or do stack monitoring programs make this obselete?). I am not looking for any step by step program, just some relevant information such as tips on how to efficiently find a specific area of a program. Basic things in the trade. As well as what it is currently being used for today.
So to recap, what current uses does reverse engineering yield today? And how can one find some basic information on how to learn the trade (again it doesn't have to be step-by-step, just anything which can through a clue would be helpful).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
正如前面提到的,我所知道的主要是与恶意软件相关的。扫描仪公司研究人员的主要任务之一是取样并在实验室或虚拟环境中对其进行调试。
沿着同样的路线,有许多与安全相关的领域使用逆向工程/反汇编。计算机取证是您可能想要研究的领域。被没收的计算机可能包含用于各种活动(命令和控制僵尸网络、DoS 攻击程序等)的命令和控制程序(但没有来源)。通过对保护程序进行逆向工程而不是找出密码或密钥来规避受保护的数据方案通常要容易得多。
硬件和软件中的 DRM/安全保护是一个很大的逆向工程领域。请注意,这可能是问题(和法律)的任何“一方”。考虑 DVD 复制程序、保护删除、在其他设备上播放 iTunes 音乐的能力、在 Wii 上运行自制程序的能力、并行 PS3 网格、解锁 iPhone 等。显然,也有许多非合法选项(反向设计老虎机计时器、ATM 机身份验证等)。
遗留程序转换在许多领域都是一个巨大的机会,特别是政府、金融、制造等。有些关键任务程序已经在古老的大型机或小型机上运行了 30 年,但没有人拥有源代码。团队必须对程序进行逆向工程,将其转换为更新的程序。
关于学习 Win32 教程的其他建议都很棒。此外,可悲的是,一些最好的出版作品将是关于破解(游戏)的。搜索一下,有一些教程展示了基础知识。我上的一门课使用了 Peter Szor 所著的《计算机病毒研究与防御的艺术》一书,但它更侧重于恶意软件的想法,而不是确切的反汇编部分。
根据您选择的路线,您将需要其他方面的背景,但了解组装将是您最关键的技能。不仅仅是从“我理解该代码主要做什么”的角度来看,您应该能够从头开始编写内容,并准确理解给定代码的作用,并理解可以编写相同代码的其他方式。组装(编码)涉及找出问题的一种解决方案并对其进行编码。反汇编涉及到找出最初使用许多不同解决方案中的哪一个来解决问题——这要困难得多;)
The main one that I know of, as mentioned previously, is malware related. One of the primary tasks of researchers that work for scanner companies is to take a sample and debug it in a lab or virtual environment.
Along those same lines, there are plenty of security related areas that use reverse engineering/disassembly. Computer forensics is an area you might want to look into. A confiscated computer might have contain command and control programs (but no source) for various activities (command and control botnet, DoS attack programs, etc). It is usually much easier to circumvent protected data schemes by reverse engineering the program that protects rather than figuring out the password or key.
DRM/security protection in both hardware and software is a big reverse engineering area. Note this could be on either "side" of the issue (and law). Consider DVD copy programs, protection removal, the ability to play iTunes music on other devices, the ability to run homebrew programs on Wii, parallelizing a PS3 grid, unlocking an iPhone, etc, etc. Obviously there are many nonlegal only options too (reverse engineer a slot machine timer, ATM machine authentication, etc).
Legacy program conversion is a huge opportunity in many areas, especially government, finance, manufacturing, etc. There are mission critical programs that have run for 30 years on an ancient mainframe or mini that no one has source code to. Teams have to reverse engineer the program to convert it to something newer.
The other suggestions about learning Win32 tutorials are great. Also, sadly, some of the best published work is going to be on cracking (games). Search on that and there are a few tutorials out there which show the basics. A class I took used the book "The Art of Computer Virus Research and Defense" by Peter Szor but it was more heavy on the malware ideas and not the exact disassembly part.
Depending on which route you take you will need a background in other things but knowing assembly is going to be your most critical skill. Not just from an "I understand what that code does mostly" standpoint - you should be able to write stuff from scratch and understand exactly what a given bit of code does and understand other ways that same code could be written. Assembly (coding) involves figuring out one solution to a problem and coding it. Disassembly involves figuring out which of many many diverse solutions was used initially to solve the problem - MUCH harder ;)
我读到逆向工程用于安全领域来了解恶意软件和木马的内部工作原理(不太确定病毒)。有关安全领域中使用的逆向工程的文章,请查看 www.openrce.org。
此外,逆向工程并不总是涉及拆卸。对于用 Java 或 C# 等语言编写的应用程序,反编译器通常会比反汇编器产生更多有关代码的信息。
由于我个人对 Win32 逆向工程感兴趣,因此我只能解释我对这个特定操作系统的看法。那么在 Linux 逆向工程方面无法帮助您:(
我找到了 IDA 的免费版本Pro 4.9 是一个出色的反汇编程序,它可以检测系统库,这样您就不会花时间在错误的地方进行修改:) 与 OllyDbg,您已经准备好处理 Win32 的大多数逆向项目了。
如果你走 Win32 路线,你最终需要了解 PE 结构,也许是解包之类的,但现在的关键是了解 x86 汇编。如果您使用 C 等语言完成了 Win32 API 编码,则 Win32 应用程序的反汇编代码相对容易理解。
为了更好地理解 32 位汇编,可以反汇编您自己的应用程序并查看源代码与反汇编输出的对应关系,或者了解如何通过 Iczelion 的 Win32 汇编教程使用汇编语言编写 Win32 API 应用程序。
I've read that reverse-engineering is used in the security field to understand the internal working of malware and trojans (not too sure about viruses). For articles on reverse engineering as used in the security field, check out www.openrce.org.
Also reverse-engineering doesn't always involve disassembly. For applications written in languages like Java or C#, decompilers usually yield more information about the code than disassemblers.
As my personal interest is in Win32 reverse-engineering, I can only explain my opinions for this particular OS. Can't help you in Linux reverse-engineering then :(
I find the freeware version of IDA Pro 4.9 an excellent disassembler. It detects system libraries so that you don't spend time mucking around the wrong places :) Coupled with a debugger like OllyDbg, you're ready to tackle most any reversing projects for Win32.
If you go down the Win32 route, you'll eventually need to understand the PE structure, maybe unpacking and stuff, but the key thing now is to understand x86 assembly. The disassembled code for Win32 apps is relatively easy to understand if you've done Win32 API coding in languages like C.
To better understand 32 bit assembly, either disassemble your own apps and see how your source code correspond to the disassembly output or learn how to code Win32 API apps with assembly language via Iczelion's Win32 Assembly tutorials.
FFMpeg 的当前维护者开始对视频编解码器进行逆向工程,以便使视频能够在 Linux 上运行。他的博客非常有趣,他有一个最近的帖子谈论了一本他希望在开始时拥有的书。
The current maintainer of FFMpeg got his start reverse engineering video codecs so he could get videos to work on Linux. His blog is pretty interesting and he had a recent post talking about a book that he wish he had when he started.
我看到的最大的潜在用途之一是像 samba 这样的项目 (http://www.samba.org/ )
总会有像这样的封闭式专有系统,我们总是需要工程师扭转这些系统,以便其他人也可以使用它。
One of the biggest potential usage I see is project like samba (http://www.samba.org/)
There are always going to be closed proprietary systems like these and we always need engineers to reverse these so others can use it too.
有本书《逆向:逆向工程的秘密》,作者:Eldad Eilam;Elliot Chikofsky
我对你有帮助四个
There is a book Reversing: Secrets of Reverse Engineering written by Eldad Eilam;Elliot Chikofsky
mybe helpfull four you
最近的一项调查表明,应用程序漏洞是大型组织中 IT 管理的主要关注点,因此了解软件的破解方式对于评估应用程序架构和漏洞评估编码非常有用。
Just came across a recent survey indicating that application vulnerability was a major concern of IT management in larger organizations, so knowing how software is cracked could be very useful in evaluating app architecture and coding for vulnerability assessment.