Well, given the recent takedown of reverse-engineering.net for unknown reasons, I’ve decided to mirror some content here. I’ve formatted out some of the bits like user post identities and cleaned up some formatting. Other than that I have NOT link checked, so I’m not sure which links here are good or bad. Hope you find it useful; woodmann.com will probably mirror the entire archive before too long.
What do I learn first?
1 ) Visit http://video.reverse-engineering.net/ to view some reversing videos that train you in the RCE basics.
2 ) Check http://www.crackmes.de to find some visual solutions submitted for crackmes.
3 ) Try to repeat the shown steps, and reproduce them with other crackmes. This will bring you quickly to practice.
4 ) Learn ‘on-demand’ what you need to know over time by using the linked resources about languages, APIs, forums etc. you can find in this section.
—>> path 2:
1 ) Read http://www.cplusplus.com/doc/tutorial/ up to “Compound Data Types:” included.
2 ) Read http://www.winprog.org/tutorial/ up to “Graphics Device Interface” included (use the Win32 help file -below- to understand Win32 functions better).
3 ) Now you know the Win32 basics, select an Assembler Ebook/tutorial and start learning a bit of assembler -the more, the better.
4 ) Take Olly -below-, go to http://www.crackmes.de and select some crackme level 1.
5 ) Read the solution of 2-4 solved crackmes of level 1!!
6 ) Select a solved crackme lvl1 and try to solve it. If you have problems, read the solution and TRY TO DO the steps of the solver.
7 ) Goto 6 until you solve lvl1 crackmes very easily.
8 ) Increase level difficulty by 1, goto 5!
1. Full Newbie Tutorials
2. Challenges and Tutorials at *any* level
3. Tutorials, Papers, Documentation, Books (all Free)
4. Learning Programming Languages (ASM etc.)
5. Debuggers/Disassemblers
6. Tools of Our Trade
7. Linux Related
8. Suggested Books (not free)
9. Advanced Reversing Papers/Material
10. Hacking over the Net…
————————
Very Assembler Basis, SICE Usage, Basic Techniques. A very good set of tutorials from LoRd HrUn. Also explains what is the ‘stuff’ you see when you open a debugger for the first time… (link is missing for now, to be restored)
Lessons for Newbies http://evilteach.8k.com/ : a collection of 4 lessons with material that explain you what mean the things you see when you start reversing a program.
2. Challenges and Tutorials at *any* level: ————————
Challenges for Crackers, at any Level http://crackmes.de/ ; you can find many legal crackmes (=stuff you can legally crack) here to test your skills. Being sorted by difficulty grade -most of them offer one or more TUTORIALS for their solution-, it is also the biggest tutorial collection available today.
(note: material for learning languages is in the appropriate section!)
Win32 API Help File http://www.borland.c...es/BC52HLP1.ZIP ; here you can download the Win32 help file for the external link with Olly. Do not even THINK of doing without this. API reference is essential, so take it if you don’t have it yet.
Win32 Basis http://www.winprog.o...rial/index.html ; here you learn the true basics of Win32 API programming, in C. Just read it ALL. The more you know about Windows, the better you understand what’s happening when reversing code.
Introduction to Cryptography (full free ebook) http://www.cacr.math.uwaterloo.ca/hac/ The “Handbook of Applied Cryptography”, a cool free e-book on cryptography. Excellent as a quick reference.
Introduction to Cryptography (full course) http://www.cs.washin...s/csep590/06wi/ ; a whole course that introduces to cryptography and ciphers, with all the materials and assignments online!! A very good starting point for cryptos.
Inject code, General Reversing Introduction Tutorial/Document http://www.codeproje.../inject2exe.asp ; this article contains clean references to the basic tools (ResHacker, Debuggers, Disassemblers) and also explains how to inject code into an executable.
Article on PE Header at Code-Breakers Journal (CBJ) http://www.secure-so...task=view&id=60 ; contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.), how to alter them and what they are. From beginners to experts.
PE Header Reference this text contains a description of the PE Header which is good to keep as a quick reference. For learning the PE header structure and fields, I suggest the above CBJ article.
Quick Assembler Reference a quick reference to pentium ASM instructions. Just click the initial letter, and select the ASM mnemonic. Very handy (especially if you download the whole site into your HD )
Adding Sections to PE, RVAs and Import table, loaders/patcher code http://www.sunshine2k.de/Articles.htm ; this site contains some small, very basic articles on PE, Import table, Basic DLL Injection and loader’s coding.
4. Learning Languages (ASM etc.): ————————
Learning Assembler Language E-BOOK (A) hxxp://webster.cs.ucr.edu/ ; the HLA Assembler home page. An excellent, free EBOOK for learning Assembler, “The Art of Assembly Language”, with HLA compiler and many tools. The site has a Linux section.
Learning Assembler Language E-BOOK (B) http://www.drpaulcarter.com/pcasm/ ; this site contains an *excellent* free EBOOK that teaches Assembler language from scratch. Translated into various languages. Pretty good. If you are not interested in HLA, this is a valid alternative.
Rapid Application Development with MASM/HLA hxxp://www.radasm.com/ ; a R.A.D. IDE for the MASM/HLA assembler (and the links to masm32 Compiler and related stuff). Note: the Masm32 compiler contains the famous Iczelion’s tutorials on Assembler language in the “X:\masm32\icztutes” folder.
Freeware C++/Pascal http://www.bloodshed.net/ ; If you need a free compiler for writing your keygens, you can find there a C++ or a Pascal one. The C++ core is the GNUCPP.
Freeware Borland C++ 5.5 hxxp://www.winprog.org/tutorial/bcpp.html ; this page gives all the needed links to download BC++5, with a bit of explanation.
12 lessons on Assembler and RosASM http://rosasm.org ; RosASM Assembler contains 12 lessons on basic assembly, written with a “generic syntax” so that the beginner could, later, switch, with as few problems as possible, to the Assembler he will finally choose.
5. Debuggers/Disassemblers: ————————
(note: Ring0 means you can use it for debugging Kernel Drivers, and generally it is tougher to use than Ring3 debuggers)
OLLY http://ollydbg.de/ ; the home of the most used Ring-3 Debugger, OllyDebug. A must have. (ps: you can find a link to the Win32 help file below)
SYSER http://www.sysersoft.com/ ; Syser is an excellent, visual Ring0 (and Ring3) debugger. It is not yet very stable but, if it works for you, it’s very cool.
PVDASM http://pvdasm.reverse-engineering.net/ ; PVDasm is a very interesting Disassembler project, made by Ben and supported in this Board. It also allows you to export code directly in MASM syntax format.
Shadow’s OLLY hxxp://navig8.to/Shadow/ ; a modded Olly… a charged bazooka :twisted: …usage: when needed.
6. Tools of Our Trade: ————————
FILEMON, REGMON hxxp://www.sysinternals.com/FileAndDiskUtilities.html This is the home of the Marc guru and of our first, must-have TOTs. A very interesting site to visit, from time to time. And a source of useful tools.
LordPE hxxp://www.softpedia.com/get/Programming/File-Editors/LordPE.shtml This tool enables you to explore and alter PE Header. You can modify/add sections, directories, IAT, and more. It is also a Dumper Server, in case you need.
7. Linux Related: ————————
Well, the HLA home site listed above, for Assembly on Linux.
ASSEMBLER E-BOOK http://savannah.nong...ojects/pgubook/ ; a good free ebook that teaches Assembler from scratch, explaining even what a “word” is. “Small” drawback: AT&T Assembler syntax 8O .
NASM Assembler hxxp://nasm.sourceforge.net/ ; a free assembler for Linux. On SourceForge, so you can work TO it, if you wish.
GNU Debugger hxxp://www.gnu.org/software/gdb/gdb.html/ ; the GNU project debugger. It can run on both Linux and Windows, and supports remote debugging.
8. Suggested Books (not free) ————————
Reversing: Secrets of Reverse Engineering http://www.amazon.co...5Fencoding=UTF8 ; a good book for learning the basics of reverse engineering. Probably one of the best to start with. Worth its money.
Rootkits : Subverting the Windows Kernel http://www.amazon.co...5Fencoding=UTF8 ; an ADVANCED book, not a reading for a newbie -at all. Consider it when you wish to go a true ‘step ahead’ in reversing. Many techniques you otherwise learn ‘the hard way’ (sigh!) are clearly explained and shown there, a must-have. Worth its money.
9. Advanced Reversing Papers/Material ————————
Reversing an Application -Analysis Example http://www.honeynet....ns/scan33/nico/ ; an excellent discussion on reversing and anti-reversing techniques, from PE header to anti-debugging and virtual machines.
Disassembler and other tools hxxp://www.cybertech.net/~sh0ksh0k/projects/ ; a set of utilities that covers DLL injection on live/suspended, tracer, c parser (why not using yacc?) port redirector etc.
PE Import Table structure and Redirection hxxp://www.codeproject.com/useritems/inject2it.asp ; this article contains images and explanation of what the Import Table is, and how it can be redirected.
10. Hacking over the Net… ————————
Introduction to Hacking hxxp://www.pulltheplug.org/wargames/vortex/ ; a wargame made for newbies to teach (anti-)hacking and C programming. Will teach you how to manage basic exploitation techniques (and yes, tells you what an exploit is).
————————
Also, I suggest to google for the “programmers tools”, the org one
Last edited by Maximus on 07-26-2007 08:29 AM, edited 65 times in total.
Online x86 Disassembler ———————————-
PVPHP – Online Disassembler – PVPHP is the first ever seen x86 Online Disassembler, which is capable of disassembling PE-based executable files.
I think the official vendor manuals can be a good source of information too. Especially the volumes on system programming.
IA-32 Intel® Architecture Software Developer’s Manuals
AMD64 Architecture Tech Docs
ARM Documentation
AVR Documentation
SH4/5 SuperH Documentation
Article on PE Header at Code-Breakers Journal (CBJ) contains a very detailed and easy explanation of all the PE sections (IAT -Import Address Table, EAT -Export Address Table, Sections, Directories, Resources etc.), how to alter them and what they are. From beginners to experts. http://www.codebreak...layout=abstract ;