Introduction to Reverse Engineering Software

Revision History
Revision 1.3, 2003/07/06 17:22:18


This book is an attempt to provide an introduction to reverse engineering software under both Linux and Windows. Since reverse engineering is under legal fire, the authors figure the best response is to make the knowledge widespread. The idea is that since discussing specific reverse engineering feats is now illegal in many cases, we should then discuss general approaches, so that it is within every motivated user's ability to obtain information locked inside the black box. Furthermore, interoperability issues with closed-source proprietary systems are just plain annoying, and something needs to be done to educate more open source developers as to how to implement this functionality in their software.


This book is actively being updated, and we are looking for a publisher. Please contact the authors if you are interested in helping to publish this book or know someone who would be.


TO SLASHDOT READERS: Yes, this book is incomplete. Yes, it has mistakes. Yes, we are working as hard as we can to fix them. Please email the authors directly rather than simply ranting/flaming on Slashdot. We will take your comments into consideration, and will list you in the credits. We've already built up a large queue of fixes thanks to helpful emails.

Table of Contents

1. Introduction
2. The Compilation Process
3. Gathering Info
4. Determining Program Behavior
5. Determining Interesting Functions
6. Understanding Assembly
7. Debugging
8. Executable Formats
9. Understanding Copy Protection
10. Code Modification
11. Network Application Interception
12. Buffer Overflows
13. TODO (Contribute!)
14. Extra Resources

List of Figures

1.1. Exploring a Hypothesis Space
2.1. The Compilation Process
3.1. Netstat output