Reverse engineering is the process of dismantling an object or system to see how it works.
These are compiled files that the operating system can load and run directly (on Windows, the PE format).
Examples of PE file extensions: .exe, .dll, .sys, .drv, .ocx, .cpl, .scr
The DOS header (IMAGE_DOS_HEADER) is the first 64 bytes of every PE file. All fields are 16-bit little-endian WORDs except e_lfanew, which is a 32-bit LONG:

Field | Offset | Description |
---|---|---|
e_magic | 0x0000 | The "MZ" signature (0x5A4D) that the system recognizes as a valid DOS executable |
e_cblp | 0x0002 | Bytes on last page of file |
e_cp | 0x0004 | Pages in file |
e_crlc | 0x0006 | Relocations |
e_cparhdr | 0x0008 | Size of header in paragraphs |
e_minalloc | 0x000A | Minimum extra paragraphs needed |
e_maxalloc | 0x000C | Maximum extra paragraphs needed |
e_ss | 0x000E | Initial (relative) SS value |
e_sp | 0x0010 | Initial SP value |
e_csum | 0x0012 | Checksum |
e_ip | 0x0014 | Initial IP value |
e_cs | 0x0016 | Initial (relative) CS value |
e_lfarlc | 0x0018 | File address of relocation table |
e_ovno | 0x001A | Overlay number |
e_res[4] | 0x001C | Reserved words (8 bytes) |
e_oemid | 0x0024 | OEM identifier |
e_oeminfo | 0x0026 | OEM information |
e_res2[10] | 0x0028 | Reserved words (20 bytes) |
e_lfanew | 0x003C | File address of the new (PE) header, i.e. the offset of the "PE\0\0" signature |

Only e_magic and e_lfanew matter to the Windows loader; everything in between belongs to the legacy DOS stub, which is why malware and packers can freely abuse those bytes.
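The following parser is an added example, not code from the original page: it unpacks the IMAGE_DOS_HEADER laid out above, follows e_lfanew to the "PE\0\0" signature, and reads the first two COFF fields behind it. The sample input is a constructed byte blob (a DOS header, zero-filled stub and minimal COFF header), not a real binary, and the helper names are my own.

```python
import struct

# IMAGE_DOS_HEADER: 2-byte magic, 13 WORDs, e_res[4], e_oemid, e_oeminfo,
# e_res2[10], then the 32-bit signed e_lfanew. calcsize == 64.
DOS_HEADER_FMT = "<2s13H4H2H10Hi"
DOS_HEADER_SIZE = struct.calcsize(DOS_HEADER_FMT)
PE_SIGNATURE = b"PE\x00\x00"

_WORD_FIELDS = [
    "e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
    "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs", "e_lfarlc", "e_ovno",
]


def parse_dos_header(data: bytes) -> dict:
    """Unpack the first 64 bytes of a PE file into a dict keyed by field name."""
    if len(data) < DOS_HEADER_SIZE:
        raise ValueError("file shorter than IMAGE_DOS_HEADER (64 bytes)")
    v = struct.unpack_from(DOS_HEADER_FMT, data, 0)
    hdr = dict(zip(_WORD_FIELDS, v[:14]))
    hdr["e_res"] = v[14:18]
    hdr["e_oemid"], hdr["e_oeminfo"] = v[18:20]
    hdr["e_res2"] = v[20:30]
    hdr["e_lfanew"] = v[30]
    return hdr


def find_pe_signature(data: bytes) -> int:
    """Return the file offset of 'PE\\0\\0', validating e_magic and e_lfanew.

    e_lfanew is untrusted input: a crafted value can point past the end of
    the file (or be negative, since it is a signed LONG), so bounds-check it
    before indexing. Note that nothing forces it to be >= 64; deliberately
    tiny PEs overlap the DOS header and the PE header.
    """
    hdr = parse_dos_header(data)
    if hdr["e_magic"] != b"MZ":
        raise ValueError("e_magic is not 'MZ': not a DOS/PE executable")
    off = hdr["e_lfanew"]
    if off < 0 or off + len(PE_SIGNATURE) > len(data):
        raise ValueError(f"e_lfanew 0x{off:x} points outside the file")
    if data[off:off + len(PE_SIGNATURE)] != PE_SIGNATURE:
        raise ValueError("no 'PE\\0\\0' signature at e_lfanew")
    return off


def parse_coff_machine(data: bytes) -> tuple:
    """Read (Machine, NumberOfSections) from the COFF header after the signature."""
    off = find_pe_signature(data) + len(PE_SIGNATURE)
    if off + 4 > len(data):
        raise ValueError("COFF file header truncated")
    return struct.unpack_from("<HH", data, off)


def build_sample_pe(lfanew: int = 0x80) -> bytes:
    """Constructed test input (hypothetical, not a loadable binary): a DOS
    header with typical stub values, zero padding, and a COFF header for
    AMD64 (Machine 0x8664) with two sections."""
    dos = struct.pack(
        DOS_HEADER_FMT, b"MZ",
        0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,  # 13 WORDs
        *([0] * 4), 0, 0, *([0] * 10),                        # reserved/OEM
        lfanew,
    )
    stub = b"\x00" * max(0, lfanew - len(dos))
    coff = struct.pack("<4sHH", PE_SIGNATURE, 0x8664, 2)
    return dos + stub + coff


if __name__ == "__main__":
    sample = build_sample_pe()
    print({k: v for k, v in parse_dos_header(sample).items() if k in ("e_magic", "e_lfanew")})
    print("PE signature at 0x%x, COFF (machine, sections) = %r"
          % (find_pe_signature(sample), parse_coff_machine(sample)))
```

Pointing the parser at a real file is just `parse_coff_machine(open(path, "rb").read())`; the two ValueError paths (bad magic, e_lfanew outside the file) are exactly the inputs a fuzzed or corrupted sample will throw at any loader you write.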
ELF (Executable and Linkable Format) is the file format used for executables, object files and shared libraries on Unix-like operating systems including Linux, the BSDs, Solaris and Android. (macOS does not use ELF; its native format is Mach-O.)
Examples of ELF extensions: ELF executables usually have no extension at all; common ones are .so (shared object), .o (relocatable object), .ko (kernel module) and .elf (firmware images).
Binary analysis is the analysis of machine code to understand a program's functionality and structure. It involves reversing an executable (such as a PE .exe or an ELF binary) without its source code.
Category | Tools |
---|---|
Disassemblers | Interactive Disassembler (IDA), Ghidra, Binary Ninja, Radare2 & Cutter, Ropper (ROP gadget finder), Capstone (disassembly library) |
Assemblers | NASM, MASM, GNU assembler (gas), armasm |
Hex editors | 010 Editor, xxd, HxD, hexedit, Malcat |
Decompilers are tools that convert binary code back into a higher-level, source-like representation. The output is approximate pseudocode, not the original source: variable and function names, types and comments are lost at compile time and have to be recovered by the analyst.
Using tools to step through code, examine variables and understand program flow.
Examining binary files to identify patterns, relationships & potential vulnerabilities.