Introduction to Reverse Engineering Software in Linux

Revision History
Revision $Revision: 1.26 $$Date: 2002/09/18 06:54:57 $

Table of Contents
1. Introdution
1.1. What is reverse engineering?
1.2. Why reverse engineer?
1.3. Legal issues
2. The Linux Compilation Process
2.1. Intro
2.2. gcc
2.3. gcc -E (Preprocessor Stage)
2.4. gcc -S (Parsing+Translation Stages)
2.5. as (Assembly Stage)
2.6. ld/collect2 (Linking Stage)
3. Gathering Info
3.1. ldd
3.2. nm
3.3. /proc
3.4. netstat
3.5. lsof
3.6. fuser
4. Determining Program Behavior
4.1. strace/truss(Solaris)
4.2. ltrace
4.3. LD_PRELOAD
4.4. gdb
5. Determining Interesting Functions
5.1. Reconstructing function & control information
5.2. Consider the objective
5.3. Finding key functions
5.4. Plotting out program flow
6. Understanding Assembly
6.1. Registers
6.2. The stack
6.3. Two's complement
6.4. Reading Assembly
6.5. Know Your Compiler
7. Writing Standalone Assembly
7.1. Instructions with side-effects
7.2. Opcode Tables
7.3. Using GNU as
7.4. Conventions on saving registers
7.5. Using Library Functions
8. Working with the ELF Program Format
8.1. ELF Layout
8.2. Editing ELF
9. Understanding Copy Protection
10. Code Modification
10.1. Reasons for Code Modification
10.2. Instruction Modification
10.3. Single Instruction Insertion
10.4. Single Function Insertion
10.5. Multiple Function Insertion
10.6. Attacking copy protection
11. Buffer Overflows
11.1. Stack Overflows
11.2. 1-Byte Overflows
11.3. Returning to Libc
11.4. Attacking Countermeasures
11.5. Heap Overflows
11.6. Attacking hard copy protection
12. TODO (Contribute!)
12.1. Write assembly tutorial section
12.2. Create Diagrams & example outputs
12.3. More detail
12.4. Update disasm.pl
12.5. Do this for windows
12.6. Do this for protocols
12.7. Do this for hardware
13. Extra Resources
13.1. ELF Binary Specification
13.2. Other Resources and amusements

1. Introdution