First, OllyDbg is a debugging and analysis tool, used mainly for dynamic debugging.
(a) Overview of the window:
The numbered labels in the figure correspond to the following functional areas:
Disassembly area: 1, address; 2, hexadecimal machine code window corresponding to the assembly code; 3, disassembly window; 4, the corresponding comment.
Register area: 5, registers.
Data area: 7, the memory address of the data; 8, the hexadecimal encoding of the data; 9, the corresponding ASCII representation of the data.
Stack area: 10, address; 11, data; 12, description.
(b) Common shortcut keys:
F2: Sets a breakpoint.
F3: Loads an executable program.
F4: The program executes to the cursor position.
F5: Shrinks or restores the current window.
F7: Step Into.
F8: Step Over.
F9: Runs the program directly; execution pauses when a breakpoint is reached.
CTRL+F2: Restarts the program from the beginning so that it can be debugged again.
CTRL+F9: Executes until the function returns; used to step out of a function's implementation.
ALT+F9: Executes until user code is reached; used to quickly get out of a function's implementation.
CTRL+G: Enter a hexadecimal address to quickly navigate to that address in the disassembly or data window.
Second, IDA is a static disassembly and analysis tool.
Introduction to the views:
IDA View-A: Analysis view window that displays the analysis results, either as a flowchart or as disassembly code (right-click and choose Text view or Graph view to toggle).
Hex View-A: Binary view window that shows the binary contents of the opened file.
Exports: Window listing the functions exported by the analyzed file.
Imports: Window listing the functions imported by the analyzed file.
Names: Name window, listing the label names parsed from the file.
Functions: Window listing the functions parsed from the file.
Structures: Window for adding structure information.
Enums: Window for adding enumeration information.
Common shortcut keys:
Enter: Follows into a function's implementation, or to the address of a label.
ESC: Returns to the point you followed from.
A: Interprets the address at the cursor as the first address of a string.
B: Converts between hexadecimal and binary numbers.
C: Interprets the address at the cursor as an instruction.
D: Interprets the address at the cursor as data; each press changes the data length at that address.
G: Jumps quickly to an address.
H: Converts between hexadecimal and decimal numbers.
K: Interprets the data as a stack variable.
;: Adds a comment.
M: Interprets the value as an enumeration member.
N: Renames.
O: Interprets the address as a data segment offset, for string labels.
T: Interprets the address as a struct member.
X: Switches the view to cross-reference mode.
SHIFT+F9: Adds a struct.
Reverse Analysis (Tool introduction)