how to reverse engineer software

How to reverse engineer software the right way

Reverse engineering software looks like a huge problem to many people. They assume it is a hard and lengthy process, so they ask someone else to do it instead of doing it themselves. Why do we need to reverse engineer software at all? It is done to find out what a program is actually capable of, to check it for malware (viruses, Trojan horses and so on), and to research its files for various kinds of information.

What do we need to reverse engineer our software?

To make this possible we need basic knowledge of the field and special tools with which to apply that knowledge. Without the knowledge we cannot understand the structure and basic algorithms of the program. The main tools for reversing are disassemblers and debuggers. A disassembler translates machine code back into a readable assembly listing. A debugger lets us run the program under control, stop it at chosen points and inspect its memory and registers, so that we can find its problems and fix them the right way.

How do we reverse engineer software?

To do the reversing properly you use a disassembler to turn the program's machine code into readable assembly, and then read that listing to understand the problem. Once the code is readable and you can see where something goes wrong, you can try to rewrite that part using your basic knowledge; with that knowledge you also know in advance what assembly code you will get at the end. A very common case is software that stops working because a driver it relies on has crashed.

How do we repair it?

In the program named TestDriver you can find the current driver. Then you need to use a filtering tool so that only the important information is shown. We can see that the driver works with a file, so we need to unpack that file and find it in the process's resource section. When we find the resource content, we can tell that the file is a Windows executable because it contains the string «This program cannot be run in DOS mode». That string comes from the DOS stub that the linker places in front of a PE image, so it only tells us that this is a PE-format file (an executable, a DLL or a driver); the stub is not required to carry that text, so a file without the string may still be an executable and should be checked by its MZ/PE headers as well. Then we check whether it is our driver file.

To do that we extract the resource with Resource Hacker and open it in the disassembler. We get four listings. In the first we can see the Unicode string and the structure. In the second we can see the file and where it is located after creation. The third and fourth show that the driver takes the Unicode string and writes it into the buffer. To make sure everything is right, we create a text file and write something into the string. If we see the written words, the driver does what the listings showed, everything has been done correctly, and we can treat the program as safe for our purposes.
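As an added example (not code from the article or from the TestDriver program it describes), the Python script below does the identification step above structurally rather than by the DOS-stub string alone: it parses the MZ header, follows e_lfanew to the PE\0\0 signature, reads the COFF header, optional-header subsystem and section table (which is where the .rsrc section is located), and carves every nested PE image out of a blob such as a dumped resource section. The test input is a minimal PE built inline by build_pe, which is a constructed stand-in for the driver and the host program, not a real binary; the stub string is reported but not relied upon, so a file whose stub was rewritten is still recognised.

```python
import struct

DOS_STUB_TEXT = b"This program cannot be run in DOS mode"
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "native (kernel driver)", 2: "windows gui", 3: "windows cui"}


def parse_pe_at(data, off):
    """Validate and describe a PE image starting at data[off]; None if it is not one."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return None
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]   # offset of "PE\0\0"
    pe = off + e_lfanew
    if e_lfanew < 0x40 or e_lfanew > 0x400 or pe + 24 > len(data):
        return None
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    if nsec == 0 or nsec > 96 or opt_size < 70 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]               # 0x10B PE32, 0x20B PE32+
    if magic not in (0x10B, 0x20B):
        return None
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # same offset in PE32 and PE32+
    sections, end = [], 0
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        if hdr + 40 > len(data):
            return None
        name, _vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "raw_offset": off + rawptr, "raw_size": rawsize})
        end = max(end, rawptr + rawsize)
    return {
        "offset": off,
        "machine": MACHINES.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        "is_dll": bool(chars & 0x2000),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "has_dos_stub_text": DOS_STUB_TEXT in data[off:pe],     # informative only
        "sections": sections,
        "size": end,                                            # bytes covered by section data
    }


def carve_pe_files(data):
    """Find every MZ/PE image embedded in a blob, including ones nested in a resource."""
    found, pos = [], 0
    while (pos := data.find(b"MZ", pos)) != -1:
        info = parse_pe_at(data, pos)
        if info:
            found.append(info)
        pos += 2
    return found


def build_pe(rsrc_payload=b"", subsystem=2, machine=0x14C):
    """Construct a minimal, structurally valid PE32 file (constructed test input, not a real binary)."""
    def pad(b, n=0x200):
        return b + b"\0" * (-len(b) % n)
    text = pad(b"\xC3")                          # .text body: a single RET
    rsrc = pad(rsrc_payload or b"\0")            # .rsrc body: whatever we embed
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)   # e_lfanew = 0x80
    stub = pad(DOS_STUB_TEXT, 0x40)              # 64-byte DOS stub with the familiar message
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)   # IMAGE_SUBSYSTEM_* (1 = native, used by drivers)
    secs = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), 0x2000, len(rsrc), 0x400, 0, 0, 0, 0, 0x40000040)
    headers = pad(dos + stub + coff + bytes(opt) + secs)   # 456 bytes, padded to 0x200
    return headers + text + rsrc


def demo():
    """Host GUI executable carrying a native-subsystem image (the 'driver') in its .rsrc section."""
    driver = build_pe(subsystem=1)
    host = build_pe(rsrc_payload=driver, subsystem=2)
    return carve_pe_files(host)


if __name__ == "__main__":
    for pe in demo():
        print(f"PE at 0x{pe['offset']:x}: {pe['machine']}, {pe['subsystem']}, "
              f"sections {[s['name'] for s in pe['sections']]}, stub text: {pe['has_dos_stub_text']}")
```

Run against a real dump, replace demo() with carve_pe_files(open(path, "rb").read()); the native subsystem value is the quickest hint that a carved image is a kernel driver rather than a normal executable, and the raw_offset of the host's .rsrc section tells you whether the embedded image really lives in the resource section as the article describes.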


Igor Grigorenko
