Advantages and disadvantages, alternative solutions.

Reverse engineering, or software reversing, is a set of techniques used to analyze closed-source software in order to extract seemingly unavailable information, e.g. algorithms, hidden access passwords (e.g. to databases), information on how certain files are encrypted, and so on. Reverse engineering is used, for example, in the analysis of software for potential security vulnerabilities (exploitation), in malware analysis (antivirus developers), or in software and game localization.

Advanced software analysis requires knowledge of the structure of the examined files, so most often knowledge of executable file formats is required: Portable Executable (PE) for Windows systems or ELF for Linux-type systems. It is also required to know the basics of assembler for 32- and 64-bit platforms, in order to properly understand the compiled code of closed-source software, its structure, and the widely used concepts and software constructs that were transformed into binary data.

Even with the appropriate knowledge, we will not be able to use it without proper tools. In this article, I'd like to present dedicated tools used in reverse engineering, divided into categories. The majority of the dedicated tools in the categories presented here qualify as material for separate articles; however, it was my idea to present as many types of software as possible to show the variety of uses. The complicated nature of reverse engineering software and of the process of its creation is often connected with the fact that those programs are also expensive, but I tried to present alternative solutions and free equivalents of the presented examples.

There is a wide variety of both programming languages and compilers. Apart from applications created in scripting languages, we can distinguish applications compiled to the processor's native code. Apart from that, there are a number of methods of protecting applications and their resources, and all of that affects the final form of the binary file image on disk. If we are not sure what the software we are looking at was created with, because we have no expertise in distinguishing the characteristic features of compiled files (section names, imported libraries, etc.), it is worth trying identification tools (or detectors): tools that have a signature base of popular compilers, program and cryptographic libraries, or application security systems. A quick analysis will let us decide what our next step should be (e.g. unpacking the application).

Detect It Easy

The DIE detector has a database of the most popular security systems, including exe-packers and exe-protectors, as well as signatures of popular compilers and linkers. Additionally, it has a simple built-in scripting language that allows us to add new signature definitions quickly.

With knowledge of what we are dealing with or, to be precise, what programming language and compiler the application was created with, we begin the analysis in a disassembler or decompiler. It is their task to analyze the compiled binary file and display its code and structure in a way that is easy for a human to understand.

Thanks to the process of disassembling and decompiling, we will learn all the functions of the application, what text strings are inside and which fragments of code reference them, which external operating system functions are used by the application, or which functions are exported (e.g. in the case of DLL dynamic libraries).

A disassembler's job is to depict the application's code in the form of low-level assembler, so if the analyzed software was written in C++, Delphi, Visual Basic or any other high-level language compiled to native code, the disassembler will show us its object code in the form of x86 or x64 assembler code.

Decompilers are able, or try really hard, to recreate the original high-level code from the code of compiled applications. As you can guess, recreating high-level language code, e.g. C++, with recognition of data structures, types and programming-language constructs from compiled assembler code is a very complicated process, so the number of tools that allow such an action is very small and, if they are good, they are at the same time very expensive. Decompilers can be divided based on the categories of software they are able to analyze.
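The passage on identification tools describes what a detector such as Detect It Easy does in principle: read the characteristic features of a compiled file (here, the section table and entry point of a PE image) and match them against a signature base. The following is an added example written for this article, not code from DIE or from the original text. It parses only the PE headers it needs with the standard library, matches section-name signatures from a small hand-written base (an assumption for illustration, not DIE's database), and applies the classic "entry point outside the first section" packer heuristic. The `build_sample_pe` helper constructs minimal, non-loadable PE headers as sample input so the script runs offline; `SECTION_SIGNATURES`, `parse_pe`, `detect` and `build_sample_pe` are names chosen for this example.

```python
import struct
from dataclasses import dataclass

# Illustrative signature base (assumption: a tiny hand-written subset for this
# example, not Detect It Easy's real database). Maps a detector name to the
# section names whose presence identifies that packer or protector.
SECTION_SIGNATURES = {
    "UPX": {b"UPX0", b"UPX1"},
    "ASPack": {b".aspack", b".adata"},
    "VMProtect": {b".vmp0", b".vmp1"},
    "Themida": {b".themida"},
}

@dataclass
class Section:
    name: bytes
    virtual_address: int
    virtual_size: int
    raw_size: int

@dataclass
class PEInfo:
    machine: int
    is_pe32plus: bool
    entry_point: int   # AddressOfEntryPoint, an RVA
    sections: list

def parse_pe(data: bytes) -> PEInfo:
    """Parse just enough of a PE file to reach the entry point and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE executable (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # AddressOfEntryPoint is at offset 16 in both PE32 and PE32+ optional headers
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        # IMAGE_SECTION_HEADER starts: Name, VirtualSize, VirtualAddress, SizeOfRawData
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append(Section(name.rstrip(b"\0"), vaddr, vsize, rsize))
    return PEInfo(machine, magic == 0x20B, entry_point, sections)

def section_for_rva(info: PEInfo, rva: int):
    """Return the section whose virtual range contains rva, or None."""
    for s in info.sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None

def detect(data: bytes) -> dict:
    """Match section-name signatures and apply one classic packer heuristic."""
    info = parse_pe(data)
    names = {s.name for s in info.sections}
    packers = sorted(tool for tool, sig in SECTION_SIGNATURES.items() if sig <= names)
    ep = section_for_rva(info, info.entry_point)
    # Compiler output starts executing in the first (code) section; a packer's
    # unpacking stub usually lives elsewhere, so an entry point outside the first
    # section deserves a second look even when no signature matches.
    suspicious = ep is None or ep is not info.sections[0]
    return {
        "format": "PE32+" if info.is_pe32plus else "PE32",
        "packers": packers,
        "entry_section": ep.name.decode("latin-1") if ep else None,
        "entry_suspicious": suspicious,
    }

def build_sample_pe(section_names, entry_rva, pe32plus=False) -> bytes:
    """Constructed sample input: a minimal PE header with the given sections.
    It is not loadable; it is only enough header to exercise the parser."""
    opt_size, e_lfanew = (240 if pe32plus else 224), 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    table, rva = b"", 0x1000
    for name in section_names:   # each section gets one 0x1000-byte virtual page
        table += struct.pack("<8sIIIIIIHHI", name, 0x1000, rva, 0x200, 0, 0, 0, 0, 0, 0x60000020)
        rva += 0x1000
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], entry_rva=0x2000)
    print(detect(data))
```

Run it with a path to any PE file, or with no arguments to analyze the constructed UPX-like sample. Section-name signatures are the weakest kind of rule, since many packers let the user rename sections; real detectors also match byte patterns at the entry point and look at the import table, which is why DIE's database and scripting language matter more than any single heuristic.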