Reverse basic Finding important/interesting stuff in the code (1)


V. Search for interesting or important parts of the Code

In modern software design, minimalism is not a significant feature.

This is not because programmers write a lot of code, but because the libraries a program uses are usually linked statically into the executable file. If all the external libraries were moved out into DLL files, the situation would be different. (Another reason, in the case of C++, is the STL and other template libraries.)

It is therefore important to determine the origin of each function: whether it comes from the standard library or from another well-known library (such as Boost or libpng), and whether it is related to what we are looking for in the code.

It is unrealistic to find what we want by rewriting all the C/C++ code.

A major task of the reverse engineer is to quickly locate the target code.

The IDA disassembler allows us to search for text strings, byte sequences, and constants. It can even export the disassembly as a .lst or .asm text file, which can then be analysed further with tools such as grep and awk.

The code you are trying to understand may well be a well-known open-source library such as libpng. If you notice constants or text strings that look familiar, it is always worth searching for them on Google. If you find that an open-source project uses them, you only need to compare the functions. This can solve part of the problem.
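The grep-over-a-listing approach described above, as an added example that is not part of the original text: a small Python scanner that reads an IDA-style .lst export, looks for constants and strings that belong to well-known libraries, and reports which functions reference them. The fingerprint values (the reversed CRC-32 polynomial used by zlib and libpng, the PNG signature, a zlib version string, a libpng error message) are real public constants; the listing itself is constructed for this example, and the function names and regexes are my own.

```python
"""Find library code in an IDA-style listing (.lst/.asm text export) by
searching for constants and strings that belong to well-known libraries."""
import re
from collections import defaultdict

# Fingerprints of well-known library code: (description, regex over one
# listing line). The values are real public constants; the selection is an
# assumption of this example, not a list from the original text.
FINGERPRINTS = [
    ("CRC-32 reversed polynomial (zlib/libpng crc tables)",
     re.compile(r"\b0?EDB88320h\b|\b0xEDB88320\b", re.I)),
    ("PNG signature bytes",
     re.compile(r"\b(?:89h\s*,\s*50h\s*,\s*4Eh\s*,\s*47h|474E5089h|0x474E5089)\b", re.I)),
    ("zlib version string", re.compile(r"deflate \d+\.\d+\.\d+")),
    ("libpng error message", re.compile(r"Not a PNG file|libpng error", re.I)),
]

# IDA listing syntax: "<seg>:<addr> <label> proc near", "... endp",
# "<seg>:<addr> <label> db 'text',0" and "offset <label>" references.
PROC_RE = re.compile(r"^\S+:[0-9A-Fa-f]+\s+(\w+)\s+proc\b")
ENDP_RE = re.compile(r"^\S+:[0-9A-Fa-f]+\s+(\w+)\s+endp\b")
DATA_RE = re.compile(r"^\S+:[0-9A-Fa-f]+\s+(\w+)\s+d[bwd]\s+(.*)$")
OFFSET_RE = re.compile(r"\boffset\s+(\w+)")

# Constructed listing: three small functions plus a data section.
SAMPLE_LISTING = """\
.text:00401000 sub_401000      proc near               ; CODE XREF: sub_401100+12
.text:00401000                 push    esi
.text:00401001                 mov     esi, 0EDB88320h
.text:00401006                 xor     eax, eax
.text:00401008                 pop     esi
.text:00401009                 retn
.text:00401009 sub_401000      endp
.text:00401010 sub_401010      proc near
.text:00401010                 push    offset aNotAPngFile ; "Not a PNG file"
.text:00401015                 call    sub_401200
.text:0040101A                 retn
.text:0040101A sub_401010      endp
.text:00401020 sub_401020      proc near
.text:00401020                 mov     eax, [esp+4]
.text:00401024                 add     eax, 10h
.text:00401027                 retn
.text:00401027 sub_401020      endp
.text:00401030 sub_401030      proc near
.text:00401030                 mov     eax, offset aDeflate1211
.text:00401035                 retn
.text:00401035 sub_401030      endp
.rdata:00402000 aNotAPngFile    db 'Not a PNG file',0
.rdata:00402010 aDeflate1211    db 'deflate 1.2.11',0
.rdata:00402020 dword_402020    dd 474E5089h
"""


def fingerprint_data(lines):
    """Map data labels (strings, tables) to the library fingerprint they match."""
    labelled = {}
    for line in lines:
        m = DATA_RE.match(line)
        if not m:
            continue
        label, payload = m.groups()
        for desc, rx in FINGERPRINTS:
            if rx.search(payload):
                labelled[label] = desc
    return labelled


def find_library_functions(listing):
    """Return {function: [fingerprint descriptions]} for every function that
    uses a fingerprinted immediate or references fingerprinted data."""
    lines = listing.splitlines()
    labelled = fingerprint_data(lines)
    hits = defaultdict(set)
    current = None
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if ENDP_RE.match(line):
            current = None
            continue
        if current is None:
            continue
        # immediate constants (and IDA's string comments) inside the body
        for desc, rx in FINGERPRINTS:
            if rx.search(line):
                hits[current].add(desc)
        # references to fingerprinted strings or tables via "offset label"
        for label in OFFSET_RE.findall(line):
            if label in labelled:
                hits[current].add(labelled[label])
    return {fn: sorted(descs) for fn, descs in hits.items()}


if __name__ == "__main__":
    for fn, descs in sorted(find_library_functions(SAMPLE_LISTING).items()):
        print(fn, "->", "; ".join(descs))
```

On the constructed listing, sub_401000 is flagged for the CRC-32 polynomial, sub_401010 for the libpng error string and sub_401030 for the zlib version string, while sub_401020 is left alone; on a real export you would feed the .lst file into find_library_functions and then compare the flagged functions against the open-source library the fingerprint points to.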

For example, if a program uses XML files, the first step is to determine which XML library it uses; usually a standard (or well-known) library is used rather than a self-written one.

For another example, I tried to understand how the network packets in SAP 6.0 are compressed and decompressed. The software is very large, but a .PDB file containing detailed debug information was at hand, which was very convenient. Finally, I found a function responsible for decompressing the network packets, called CsDecomprLZC. I immediately searched for the function name on Google and found that MaxDB (an open-source SAP project) also uses this function: http://www.google.com/search?q=CsDecomprLZC

I was then surprised to find that MaxDB and SAP 6.0 use the same code to compress and decompress network packets.

Chapter 2: Recognition of executable files

55.1 Microsoft Visual C++

The MSVC version can be identified from the runtime DLL files an executable imports:

msvcp*.dll contains the C++ functions, so if such a DLL is imported it can be assumed that the program is written in C++.

55.1.1 Name mangling

Mangled names usually start with a question mark (?).
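The two recognition rules above (runtime DLL names and the leading question mark of MSVC-mangled names), as an added Python example that is not part of the original text. The mapping of msvcr/msvcp version numbers to Visual Studio releases is from general knowledge, not from the page's table; the import list is constructed, and mangled_scope is my own minimal decoder of the scope part of an MSVC-decorated name (the part before the first "@@"; template names and operator names other than constructor/destructor are skipped rather than guessed).

```python
"""Recognise an MSVC-built executable from its import table and pull the
qualified C++ name out of MSVC-mangled ("?"-prefixed) symbols."""
import re

# Assumption: version-to-release mapping from general knowledge of the
# MSVC runtimes, not from the original text's table.
RUNTIME_VERSIONS = {
    "70": "Visual Studio .NET 2002 (MSVC 7.0)",
    "71": "Visual Studio .NET 2003 (MSVC 7.1)",
    "80": "Visual Studio 2005 (MSVC 8.0)",
    "90": "Visual Studio 2008 (MSVC 9.0)",
    "100": "Visual Studio 2010 (MSVC 10.0)",
    "110": "Visual Studio 2012 (MSVC 11.0)",
    "120": "Visual Studio 2013 (MSVC 12.0)",
    "140": "Visual Studio 2015 or later (MSVC 14.x)",
}
# msvcr80.dll (C runtime), msvcp80.dll (C++ library), vcruntime140.dll;
# a trailing "d" marks the debug build of the runtime.
RUNTIME_RE = re.compile(r"^(msvcr|msvcp|vcruntime)(\d+)d?\.dll$", re.I)

# Constructed import table: DLL name -> imported symbol names.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["GetProcAddress", "ExitProcess"],
    "MSVCR80.dll": ["malloc", "free", "_CxxThrowException"],
    "MSVCP80.dll": ["?length@String@util@@QBEIXZ",
                    "??0String@util@@QAE@XZ",
                    "?g_counter@@3HA"],
}


def mangled_scope(symbol):
    """Return 'ns::Class::name' for an MSVC-mangled symbol, or None when the
    symbol is a plain C name or uses an encoding this decoder does not cover."""
    if not symbol.startswith("?"):
        return None                      # plain C / extern "C" export
    body = symbol[1:]
    special = None
    if body.startswith("?0"):
        special, body = "ctor", body[2:]
    elif body.startswith("?1"):
        special, body = "dtor", body[2:]
    elif body.startswith("?"):
        return None                      # other operators: not decoded here
    end = body.find("@@")                # "@@" closes the qualified name
    if end < 0 or "?$" in body[:end]:
        return None                      # malformed or template name: skip
    parts = [p for p in body[:end].split("@") if p]   # innermost first
    if not parts:
        return None
    if special:                          # ctor/dtor: leaf name is the class
        scopes = parts[::-1]
        leaf = ("~" if special == "dtor" else "") + scopes[-1]
        return "::".join(scopes + [leaf])
    return "::".join(parts[::-1])


def recognise_toolchain(imports):
    """Summarise what the import table says about the compiler and language."""
    info = {"runtime": None, "cpp": False, "mangled": {}}
    for dll, symbols in imports.items():
        m = RUNTIME_RE.match(dll)
        if m:
            kind, ver = m.group(1).lower(), m.group(2)
            info["runtime"] = RUNTIME_VERSIONS.get(ver, f"unknown MSVC runtime {ver}")
            if kind == "msvcp":          # C++ library imported -> C++ program
                info["cpp"] = True
        elif dll.lower() == "msvcrt.dll":
            info["runtime"] = info["runtime"] or "system msvcrt.dll (MSVC 6 era or MinGW)"
        for sym in symbols:
            scope = mangled_scope(sym)
            if scope:                    # a "?" name is MSVC C++ mangling
                info["cpp"] = True
                info["mangled"][sym] = scope
    return info


if __name__ == "__main__":
    summary = recognise_toolchain(SAMPLE_IMPORTS)
    print("runtime:", summary["runtime"], "| C++:", summary["cpp"])
    for sym, scope in summary["mangled"].items():
        print(f"  {sym} -> {scope}")
```

The constructed table resolves to the Visual Studio 2005 runtime with C++ confirmed twice over, once by msvcp80.dll and once by the "?"-prefixed imports; for a real binary, fill the dictionary from IDA's Imports window or dumpbin /IMPORTS, and run a proper demangler (undname.exe, or IDA's own) for the full signatures this minimal decoder leaves out.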
