LinuxQuestions.org
Old 01-28-2013, 08:50 AM   #16
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,139


Quote:
Originally Posted by jokar.mohsen
I want to learn assembly language for reverse engineering. Do you have any idea?
I don't want to discourage learning asm. But reverse engineering methods that involve asm level work are an enormous amount of effort (even after you are an asm expert) for very little benefit, and even then much of the benefit would likely be illegal.

If you still want to learn asm for reverse engineering, then the choice of architecture is determined by what you want to reverse engineer. Also the choice of what approach you take to asm is influenced by what you want to reverse engineer.

If you want to reverse engineer any kind of ordinary programs, then you need to start with learning how to write asm functions callable from C (as I suggested earlier).

Some asm tutorials start from boot code, which is a very specialized topic and useless if you want to reverse engineer anything other than boot code.

Most other asm tutorials start with tiny whole programs, which also involves a lot of specialized, but otherwise useless, information. Before you understand those topics, you might imagine reverse engineering whole programs requires that knowledge. But it actually doesn't. The techniques used when the whole program must be asm don't appear anywhere in the compiled code when the main program is in a high level language. Something similar might appear in the compiled code of the basic system .so or .a files (.lib or .dll in Windows) the executable was linked against. But you don't need to reverse engineer those. You have their C source code.

I did a quick search for my previous replies to related questions that I think are relevant for you. I found this post
http://www.linuxquestions.org/questi...9/#post4661549
I found a whole lot of useful posts in this thread
http://www.linuxquestions.org/questi...rn-asm-793174/

Last edited by johnsfine; 01-28-2013 at 09:13 AM.
 
Old 01-28-2013, 09:11 AM   #17
jokar.mohsen
Member
 
Registered: Jul 2008
Location: Tehran
Posts: 408

Original Poster
Quote:
Originally Posted by johnsfine
I don't want to discourage learning asm. But reverse engineering methods that involve asm level work are an enormous amount of effort (even after you are an asm expert) for very little benefit, and even then much of the benefit would likely be illegal.

If you still want to learn asm for reverse engineering, then the choice of architecture is determined by what you want to reverse engineer. Also the choice of what approach you take to asm is influenced by what you want to reverse engineer.

If you want to reverse engineer any kind of ordinary programs, then you need to start with learning how to write asm functions callable from C (as I suggested earlier).

Some asm tutorials start from boot code, which is a very specialized topic and useless if you want to reverse engineer anything other than boot code.

Most other asm tutorials start with tiny whole programs, which also involves a lot of specialized, but otherwise useless, information. Before you understand those topics, you might imagine reverse engineering whole programs requires that knowledge. But it actually doesn't. The techniques used when the whole program must be asm don't appear anywhere in the compiled code when the main program is in a high level language. Something similar might appear in the compiled code of the basic system .so or .a files (.lib or .dll in Windows) the executable was linked against. But you don't need to reverse engineer those. You have their C source code.
I want to do Malware analysis, Do you have any suggestion?
 
Old 01-28-2013, 09:21 AM   #18
johnsfine
Guru
 
Registered: Dec 2007
Distribution: Centos
Posts: 5,139

Quote:
Originally Posted by jokar.mohsen
I want to do Malware analysis, Do you have any suggestion?
x86-64, not 32-bit x86 nor any other (more obsolete) architecture. Use of 32-bit is declining and you are still learning.

If you learn x86-64 quickly, you can go back and learn the differences between that and 32-bit. Both are still relevant for malware analysis if you learn a lot soon.

Beyond that, what I said earlier still applies. For understanding most malware the first and most important aspect of asm to understand is the mechanism by which one function calls another, including how parameters are passed, how local variables are allocated by the new function, what registers are preserved, how results are returned, and how everything unwinds correctly (or not) during the return.
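
The call mechanism described in the post above, as an added example that is not part of the original thread: an asm function callable from C that takes a stack-passed argument, preserves a callee-saved register, allocates a local, and returns its result in `rax`. It assumes Linux x86-64 with the System V AMD64 calling convention and GCC or Clang; the name `digits7` is made up for illustration.

```c
/* Added example (not from the thread): an asm function callable from C.
   Assumes Linux x86-64, System V AMD64 ABI, GCC/Clang; digits7 is a made-up name. */
#include <stdio.h>

long digits7(long a, long b, long c, long d, long e, long f, long g);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".pushsection .text\n"
    ".globl digits7\n"
    ".type digits7, @function\n"
    "digits7:\n"
    "  pushq %rbp\n"              /* prologue: save caller's frame pointer  */
    "  movq  %rsp, %rbp\n"        /* rbp+8 = return address, rbp+16 = arg 7 */
    "  pushq %rbx\n"              /* rbx is callee-saved: preserve it       */
    "  subq  $8, %rsp\n"          /* one 8-byte local; rsp stays 16-aligned */
    "  movq  $10, -16(%rbp)\n"    /* local variable = 10                    */
    "  movq  %rdi, %rbx\n"        /* arg 1 arrives in rdi                   */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  %rsi, %rbx\n"        /* arg 2: rsi                             */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  %rdx, %rbx\n"        /* arg 3: rdx                             */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  %rcx, %rbx\n"        /* arg 4: rcx                             */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  %r8, %rbx\n"         /* arg 5: r8                              */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  %r9, %rbx\n"         /* arg 6: r9                              */
    "  imulq -16(%rbp), %rbx\n"
    "  addq  16(%rbp), %rbx\n"    /* arg 7: pushed on the stack by caller   */
    "  movq  %rbx, %rax\n"        /* integer result is returned in rax      */
    "  addq  $8, %rsp\n"          /* epilogue: release the local            */
    "  popq  %rbx\n"              /* restore callee-saved register          */
    "  popq  %rbp\n"
    "  ret\n"                     /* pops the return address into rip       */
    ".size digits7, .-digits7\n"
    ".popsection\n"
);
#else  /* other targets: same arithmetic in C so the file still builds */
long digits7(long a, long b, long c, long d, long e, long f, long g) {
    return (((((a * 10 + b) * 10 + c) * 10 + d) * 10 + e) * 10 + f) * 10 + g;
}
#endif

int main(void) {
    printf("%ld\n", digits7(1, 2, 3, 4, 5, 6, 7));
    return 0;
}
```

Each argument lands in a different decimal digit of the result, so a wrong register or stack offset shows up immediately in the output.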
 
Old 01-28-2013, 10:40 AM   #19
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,984

Reverse engineering? I haven't read this book, but it gets its fair share of recommendations: http://www.amazon.com/dp/0764574817
 
Old 01-28-2013, 02:00 PM   #20
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,227
Blog Entries: 23

Edited stuff out - irrelevant ranting, not useful for OP, sorry gang...
(excusing myself from this thread...)

Last edited by Thor_2.0; 01-28-2013 at 04:05 PM.
 
Old 01-29-2013, 06:21 AM   #21
jokar.mohsen
Member
 
Registered: Jul 2008
Location: Tehran
Posts: 408

Original Poster
Thank you so much
 
Old 01-29-2013, 09:05 AM   #22
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,455

Oh, heck ... maybe I'm just an old mainframe-junkie at heart who learned IBM Assembler early-on and did a lot of work with it ... if your brain is "wire"d the right way, computer hardware architecture (seen from software's point-of-view) can be interesting.

Especially since pocket-protectors come in lots of sexy colors! (So do nerdy glasses.)

(what? what? why of course there is a "pocketprotectors.com"!)
 
Old 05-29-2013, 05:05 PM   #23
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,984

Impossible Programs: a great lecture on some of computer science's most important subjects - Boing Boing

Quote:
Here's a 40-minute video in which Tom Stuart gives a talk summarizing one of the chapters from his new book Understanding Computation, describing the halting state problem and how it relates to bugs, Turing machines, Turing completeness, computability, malware checking for various mobile app stores, and related subjects. The Halting State problem -- which relates to the impossibility of knowing what a program will do with all possible inputs -- is one of the most important and hardest-to-understand ideas in computer science, and Stuart does a fantastic job with it here. You don't need to be a master programmer or a computer science buff to get it, and even if you only absorb 50 percent of it, it's so engagingly presented, and so blazingly relevant to life in the 21st century, that you won't regret it.