LinuxQuestions.org
Old 01-28-2013, 07:50 AM   #16
johnsfine
LQ Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,271


Quote:
Originally Posted by jokar.mohsen
I want to learn assembly language for reverse engineering. Do you have any idea?
I don't want to discourage learning asm. But reverse engineering methods that involve asm level work are an enormous amount of effort (even after you are an asm expert) for very little benefit, and even then much of the benefit would likely be illegal.

If you still want to learn asm for reverse engineering, then the choice of architecture is determined by what you want to reverse engineer. Also the choice of what approach you take to asm is influenced by what you want to reverse engineer.

If you want to reverse engineer any kind of ordinary programs, then you need to start with learning how to write asm functions callable from C (as I suggested earlier).

Some asm tutorials start from boot code, which is a very specialized topic and useless if you want to reverse engineer anything other than boot code.

Most other asm tutorials start with tiny whole programs, which also involves a lot of specialized, but otherwise useless, information. Before you understand those topics, you might imagine reverse engineering whole programs requires that knowledge. But it actually doesn't. The techniques used when the whole program must be asm don't appear anywhere in the compiled code when the main program is in a high level language. Something similar might appear in the compiled code of the basic system .so or .a files (.lib or .dll in Windows) the executable was linked against. But you don't need to reverse engineer those. You have their C source code.

I did a quick search for my previous replies to related questions that I think are relevant for you. I found this post
http://www.linuxquestions.org/questi...9/#post4661549
I found a whole lot of useful posts in this thread
http://www.linuxquestions.org/questi...rn-asm-793174/

Last edited by johnsfine; 01-28-2013 at 08:13 AM.
 
Old 01-28-2013, 08:11 AM   #17
jokar.mohsen
Member
 
Registered: Jul 2008
Location: Tehran
Posts: 441

Original Poster
Quote:
Originally Posted by johnsfine
I want to do malware analysis. Do you have any suggestions?
 
Old 01-28-2013, 08:21 AM   #18
johnsfine
LQ Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,271

Quote:
Originally Posted by jokar.mohsen
I want to do malware analysis. Do you have any suggestions?
x86-64, not 32-bit x86 nor any other (more obsolete) architecture. Use of 32-bit is declining and you are still learning.

If you learn x86-64 quickly, you can go back and learn the differences between that and 32-bit. Both are still relevant for malware analysis if you learn a lot soon.

Beyond that, what I said earlier still applies. For understanding most malware the first and most important aspect of asm to understand is the mechanism by which one function calls another, including how parameters are passed, how local variables are allocated by the new function, what registers are preserved, how results are returned, and how everything unwinds correctly (or not) during the return.
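The mechanism johnsfine describes here and in #16 (an asm function callable from C: where the arguments arrive, how a local is carved out of the stack frame, which registers must be preserved, and how the epilogue unwinds) as an added example that is not from anyone in this thread. It assumes the System V AMD64 ABI on Linux and a hypothetical `dot3` function with constructed inputs; on other platforms the same function falls back to plain C so the file still builds.

```c
#include <stdio.h>

/* Hypothetical example function: a0*b0 + a1*b1 + a2*b2. Six integer arguments
 * use every System V AMD64 argument register (rdi, rsi, rdx, rcx, r8, r9);
 * the result is returned in rax. */
long dot3(long a0, long a1, long a2, long b0, long b1, long b2);

#if defined(__x86_64__) && defined(__linux__)
/* Hand-written definition in AT&T syntax, in a top-level asm block. */
__asm__(
    ".text\n"
    ".globl dot3\n"
    "dot3:\n"
    "    push %rbp\n"            /* prologue: save caller's frame pointer    */
    "    mov  %rsp, %rbp\n"      /* and establish our own frame              */
    "    push %rbx\n"            /* rbx is callee-saved: preserve before use */
    "    sub  $8, %rsp\n"        /* one 8-byte local; rsp stays 16-aligned   */
    "    mov  %rdi, %rax\n"
    "    imul %rcx, %rax\n"      /* rax = a0*b0                              */
    "    mov  %rax, -16(%rbp)\n" /* store it in the local at -16(%rbp)       */
    "    mov  %rsi, %rbx\n"
    "    imul %r8, %rbx\n"       /* rbx = a1*b1 (lives in the saved reg)     */
    "    mov  %rdx, %rax\n"
    "    imul %r9, %rax\n"       /* rax = a2*b2                              */
    "    add  %rbx, %rax\n"
    "    add  -16(%rbp), %rax\n" /* rax = a0*b0 + a1*b1 + a2*b2              */
    "    add  $8, %rsp\n"        /* epilogue: drop the local,                */
    "    pop  %rbx\n"            /* restore rbx and rbp in reverse order,    */
    "    pop  %rbp\n"
    "    ret\n"                  /* pop the return address into rip          */
);
#else
/* Portable fallback so the example still builds and runs elsewhere. */
long dot3(long a0, long a1, long a2, long b0, long b1, long b2)
{
    return a0 * b0 + a1 * b1 + a2 * b2;
}
#endif

int main(void)
{
    /* constructed input: (1,2,3) . (4,5,6) = 4 + 10 + 18 = 32 */
    printf("dot3 = %ld\n", dot3(1, 2, 3, 4, 5, 6));
    return 0;
}
```

Compiling the C fallback with `gcc -O0 -S` and reading it next to the hand-written version shows the same prologue, argument registers, negative rbp offsets for locals and epilogue, which is exactly the pattern to recognise first in a disassembly.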
 
Old 01-28-2013, 09:40 AM   #19
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 5,845

Reverse engineering? I haven't read this book, but it gets its fair share of recommendations: http://www.amazon.com/dp/0764574817
 
Old 01-28-2013, 01:00 PM   #20
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,374
Blog Entries: 23

Edited stuff out - irrelevant ranting, not useful for OP, sorry gang...
(excusing myself from this thread...)

Last edited by Thor_2.0; 01-28-2013 at 03:05 PM.
 
Old 01-29-2013, 05:21 AM   #21
jokar.mohsen
Member
 
Registered: Jul 2008
Location: Tehran
Posts: 441

Original Poster
Thank you So much
 
Old 01-29-2013, 08:05 AM   #22
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,834

Oh, heck ... maybe I'm just an old mainframe-junkie at heart who learned IBM Assembler early-on and did a lot of work with it ... if your brain is "wire"d the right way, computer hardware architecture (seen from software's point-of-view) can be interesting.

Especially since pocket-protectors come in lots of sexy colors! (So do nerdy glasses.)

(what? what? why of course there is a "pocketprotectors.com"!)
 
Old 05-29-2013, 04:05 PM   #23
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 5,845

Impossible Programs: a great lecture on some of computer science's most important subjects - Boing Boing

Quote:
Here's a 40-minute video in which Tom Stuart gives a talk summarizing one of the chapters from his new book Understanding Computation, describing the halting state problem and how it relates to bugs, Turing machines, Turing completeness, computability, malware checking for various mobile app stores, and related subjects. The Halting State problem -- which relates to the impossibility of knowing what a program will do with all possible inputs -- is one of the most important and hardest-to-understand ideas in computer science, and Stuart does a fantastic job with it here. You don't need to be a master programmer or a computer science buff to get it, and even if you only absorb 50 percent of it, it's so engagingly presented, and so blazingly relevant to life in the 21st century, that you won't regret it.