LinuxQuestions.org


jokar.mohsen 02-21-2013 05:29 AM

What is the best way to learn Reverse Engineering?
 
Hello Folks.
What is the best way to learn RE? If possible please show me some books step by step.

Thank you so much

Habitual 02-21-2013 08:01 AM

Have any programming skills?

jokar.mohsen 02-23-2013 02:03 AM

Yes, C\C++, Python and asm but not expert.

stringchopper 02-23-2013 05:55 AM

Quote:

Originally Posted by jokar.mohsen (Post 4897984)
Yes, C\C++, Python and asm but not expert.

When I was interested in this, I learned a lot by using OllyDbg (http://www.ollydbg.de/) - this is Windows software... I'm not sure if you can get something similar in Linux. If you're on Ubuntu, you might be able to get Red Hat's "Insight" to work (from a 3rd party PPA - google it). Or you might check out Code::Blocks at www.codeblocks.org/
In any event, you need a good GUI disassembler - something where you can watch multiple memory registers at the same time, or at least the flags, stack, and one or two memory locations.

Check out http://tuts4you.com - they have some really nice tutorials on RE and cracking. While cracking, in some contexts, may be a bit 'immoral', learning to do that will definitely help you to learn RE. Download and step through these examples. But, you might want to use Windows in VirtualBox on Linux, rather than a production environment or your personal computer at home... some of those asm / RE tuts are flagged as viruses by one or two AV engines. The official explanation, IIRC, is that they were so small in footprint that many AVs got confused. Just be careful, and have fun with them!

EDB is a Linux app that you can use - it's written with the specific goal of emulating OllyDbg.
http://codef00.com/projects#debugger or look in your package manager for your distro (perhaps 3rd party apps).

