Quote:
If you still want to learn asm for reverse engineering, then the choice of architecture is determined by what you want to reverse engineer. Also the choice of what approach you take to asm is influenced by what you want to reverse engineer.

If you want to reverse engineer any kind of ordinary programs, then you need to start with learning how to write asm functions callable from C (as I suggested earlier).

Some asm tutorials start from boot code, which is a very specialized topic and useless if you want to reverse engineer anything other than boot code. Most other asm tutorials start with tiny whole programs, which also involves a lot of specialized, but otherwise useless, information.

Before you understand those topics, you might imagine reverse engineering whole programs requires that knowledge. But it actually doesn't. The techniques used when the whole program must be asm don't appear anywhere in the compiled code when the main program is in a high level language. Something similar might appear in the compiled code of the basic system .so or .a files (.lib or .dll in Windows) the executable was linked against. But you don't need to reverse engineer those. You have their C source code.

I did a quick search for my previous replies to related questions that I think are relevant for you.

I found this post http://www.linuxquestions.org/questi...9/#post4661549

I found a whole lot of useful posts in this thread http://www.linuxquestions.org/questi...rn-asm-793174/ |
Quote:
If you learn x86-64 quickly, you can go back and learn the differences between that and 32-bit. Both are still relevant for malware analysis if you learn a lot soon. Beyond that, what I said earlier still applies. For understanding most malware the first and most important aspect of asm to understand is the mechanism by which one function calls another, including how parameters are passed, how local variables are allocated by the new function, what registers are preserved, how results are returned, and how everything unwinds correctly (or not) during the return. |
Reverse engineering? I haven't read this book, but it gets its fair share of recommendations: http://www.amazon.com/dp/0764574817
|
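The call mechanics listed in the quoted advice above (parameter passing, local allocation, preserved registers, return value, unwinding), shown as an added example that is not part of any post in this thread: an asm function callable from C under the System V AMD64 ABI on Linux. The names `sum_scaled` and `scale_cb` are hypothetical, and a plain C fallback is included only so the file builds on other targets.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical C callee, so the asm below is both a callee and a caller. */
__attribute__((used, noinline)) int64_t scale_cb(int64_t v, int64_t scale) { return v * scale; }
int64_t sum_scaled(int64_t a, int64_t b, int64_t scale); /* (a + b) * scale */

#if defined(__x86_64__) && defined(__linux__)
/* System V AMD64 ABI: integer args arrive in rdi, rsi, rdx; result leaves in rax. */
__asm__(
    ".text\n"
    ".globl sum_scaled\n"
    ".type sum_scaled, @function\n"
    "sum_scaled:\n"
    "    pushq %rbp\n"               /* prologue: save caller's frame pointer    */
    "    movq  %rsp, %rbp\n"         /* rbp now anchors this function's frame    */
    "    pushq %rbx\n"               /* rbx is callee-saved: preserve it         */
    "    subq  $8, %rsp\n"           /* one 8-byte local; rsp is 16-aligned      */
    "    movq  %rdx, -16(%rbp)\n"    /* local = scale (rdx may die in a call)    */
    "    leaq  (%rdi,%rsi), %rbx\n"  /* rbx = a + b, survives the call below     */
    "    movq  %rbx, %rdi\n"         /* 1st argument for scale_cb                */
    "    movq  -16(%rbp), %rsi\n"    /* 2nd argument for scale_cb                */
    "    call  scale_cb@PLT\n"       /* callee's result comes back in rax        */
    "    addq  $8, %rsp\n"           /* epilogue: release the local              */
    "    popq  %rbx\n"               /* restore callee-saved register            */
    "    popq  %rbp\n"               /* restore caller's frame pointer           */
    "    ret\n"                      /* pop return address; rax is our result    */
    ".size sum_scaled, .-sum_scaled\n"
);
#else
/* Assumption: on any other target, fall back to C so the file still builds. */
int64_t sum_scaled(int64_t a, int64_t b, int64_t scale) { return scale_cb(a + b, scale); }
#endif

int main(void) {
    printf("%lld\n", (long long)sum_scaled(2, 3, 4));
    return 0;
}
```

Compiling an equivalent C function with `gcc -S` and comparing the output against this hand-written version shows the same prologue and epilogue pattern that appears in disassembled binaries.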
Edited stuff out - irrelevant ranting, not useful for OP, sorry gang... :)
(excusing myself from this thread...) |
Thank you so much
|
Oh, heck ... maybe I'm just an old mainframe-junkie at heart who learned IBM Assembler early-on and did a lot of work with it ... if your brain is "wire"d the right way, computer hardware architecture (seen from software's point-of-view) can be interesting.
Especially since pocket-protectors come in lots of sexy colors! (So do nerdy glasses.) (what? what? why of course there is a "pocketprotectors.com"!) :hattip: |
Impossible Programs: a great lecture on some of computer science's most important subjects - Boing Boing