逆向工程初学者 [英] Reverse engineering beginner
问题描述
我的理解:假设我有一个基本程序,例如.exe(我在Windows上)。它完全在机器代码中,它只是一堆1和0的字面意思。它显然是不可读的,我做的第一件事就是在我的.exe上运行一个反汇编程序,它将它变成汇编语言,几乎不可读。最后一步是运行我选择的反编译器,将汇编语言转换为所选编程语言中源代码的相似性。
问题:理论不是'很难,但是当我开始试图扭转一些基本的.exe时,我在解密和反编译方面都遇到了很多问题。在早期,大多数工具总是说我的程序是一些不可接受的类型而不是CLR,无论这意味着什么。在后者中,如果我很幸运并生成一些汇编代码,则没有一个反编译器想要接受它,因为它缺少元数据或一些。我是b $ b
问题:如果你知道我所处的情况,请告诉我你最好使用哪种软件组合进行反向的建议。也许任何伟大的书籍都是反向的终极指南。任何,任何形式的帮助将不胜感激。
非常感谢提前。
< b>我尝试了什么:
反编译器:JustDecompile,Snowman
In Windows有两种形式的EXE文件:Native和CLR。
Native就是这样:Windows和x86架构原生。
CLR不同:它们使用Common语言运行时是一个伪机器代码,在应用程序运行时由JIT引擎编译为本机代码,仅适用于基于.NET的应用程序(大多数但不完全用C#或VB编写)。
CLR应用程序可以反向设计以生成C#或VB代码(具有不同的有效性,具体取决于在创建时应用的混淆和优化级别)。
原生应用?没那么多。本机应用程序可以用任何东西编写:机器代码,C,C ++,或者当时的组合,并使用许多不同的编译器之一。这意味着Native应用程序不是一个好的逆向工程前景,因为它们可能不是用您期望的高级语言编写的,并且可能已经应用了更多极端优化 - 这两者都意味着您可能使用任何C ++代码自动创建exe可能与原始源代码很少或没有相似之处。
代码难以逆向工程的原因:它们主要涉及智能属性 - 您不拥有源代码,原作者不想将它提供给您;他们投入了大量的工作和金钱来使其正确起作用,并且没有理由为什么你应该能够复制它......
Hi guys. I started practicing reverse engineering some time ago. I read a lot about physics of the process as well as different tools but still a bit confused. Correct me if I am wrong.
My understanding: let’s say I have a basic program which is .exe for example (I am on Windows). It is entirely in machine code, which is just a bunch of 1’s and 0’s just literally. It is clearly unreadable and the first thing I do is run a disassembler on my .exe which turns it into assembly language which hardly human readable. The last step is to run a decompiler of my choice that turns the assembly language into a resemblance of the source code in a chosen programming language.
Problems: theory isn’t very difficult, nonetheless when I started trying to reverse some basic .exe’s I ran into a lot of issues in both dissembling and decompiling. In the earlier, most tools always say my programs are of some unacceptable type and not CLR whatever that means. In the latter, in case I get lucky and produce some assembly code, none of the decompilers want to accept it since it is missing metadata or some. I
Question: If you know the situation I am in, please give me your advice about which software combination is best to use for reverse. Maybe any great books that are ultimate guides on reverse. Any, any kind of help will be much appreciated.
Thanks very much in advance.
What I have tried:
Decompilers: JustDecompile, Snowman
In Windows there are two forms of EXE file: Native and CLR.
Native are just that: native to Windows and the x86 architecture.
CLR are different: they use the Common Language Runtime which is a "pseudo machine code" that is compiled to Native code by the JIT engine as the app is running, and only apply to .NET based applications (mostly but not exclusively written in C# or VB).
CLR apps can be reversed engineered to produce C# or VB code (with varying effectiveness depending on the levels of obfuscation and optimisation applied when it was created).
Native apps? Not so much. Native apps could have been written in anything: machine code, C, C++, or a combination of then, and using one of many, many different compilers. THis means that Native apps are not a good "reverse engineering" prospect, as they may well have not been written in the high level language you expect, and may have had more extreme optimisations applied - both of which means that any C++ code you might create from the exe automatically may bear little or no resemblance to the original source code.
There are reasons for code to be difficult to reverse engineer: and they mostly concern Intellectual Property - you don't own the source code and the original authors don't want to give it to you; they invested a lot f work and money in getting it right in the first place and see no reason why you should be able to copy it...
这篇关于逆向工程初学者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
