PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University.

Slides:



Advertisements
Similar presentations
Utilizing the GDB debugger to analyze programs Background and application.
Advertisements

Procedures and Stacks. Outline Stack organization PUSH and POP instructions Defining and Calling procedures.
Lab6 – Debug Assembly Language Lab
Programming The Development Environment and Your First C Program.
The IDE (Integrated Development Environment) provides a DEBUGGER for locating and correcting errors in program logic (logic errors not syntax errors) The.
Laboratory 1 – ENCM415 Familiarization with the Analog Devices’ VisualDSP++ Integrated Development Environment.
1 Gentle Introduction to Programming Tirgul 2: Scala “hands on” in the lab.
OllyDbg Debuger.
DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from
1 Introduction to Programming Environment Using MetroWerks CodeWarrior and Palm Emulator.
Parts of a Computer Why Use Binary Numbers? Source Code - Assembly - Machine Code.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
© Copyright 1992–2005 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Tutorial 2 - HelloWorld Application: Introduction to.
Debugging applications, using properties Jim Warren – COMPSCI 280 S Enterprise Software Development.
P.1ECE 331, Prof. A. Mason Professor Andrew Mason Michigan State University Spring 2013 ECE 331: PC Lab 1: Using HC12 ASM Simulators.
CS Tutorial 1 Getting Started with Visual Studio 2012 (Visual Studio 2010 are no longer available on MSDNAA, please choose Visual Studio 2012 which.
Keith Elder Microsoft MVP
Debugging Projects Using C++.NET Click with the mouse button to control the flow of the presentation.
Part 3: Advanced Dynamic Analysis Chapter 8: Debugging.
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.
DDT Debugging Techniques Carlos Rosales Scaling to Petascale 2010 July 7, 2010.
EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.
Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad
Getting Started with MATLAB 1. Fundamentals of MATLAB 2. Different Windows of MATLAB 1.
Welcome To Eclipse. Basic Concepts Workspace – directory where your projects are stored –Projects grouping of related works –Resources generic term to.
OCC - CS/CIS CS116-Ch00-Orientation Morgan Kaufmann Publishers ( Augmented & Modified by M.Malaty) 1CS 116 Fall 2003 Not quite finished Creating.
Module 6: Debugging a Windows CE Image.  Overview Debug Zones IDE Debug Setup IDE Debug Commands Platform Builder Integrated Kernel Debugger Other Debugging.
Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Allegro CL Certification Program Lisp Programming Series Level I Session Basic Lisp Development in the IDE.
1 Getting Started with C++. 2 Objective You will be able to create, compile, and run a very simple C++ program on Windows, using Visual Studio 2008.
Bit-DSP-MicrocontrollerTMS320F2812 Texas Instruments Incorporated European Customer Training Center University of Applied Sciences Zwickau (FH)
Mobile Programming Lecture 3 Debugging. Lecture 2 Review What widget would you use to allow the user to enter o a yes/no value o a range of values from.
1 Debugging and Syntax Errors in C++. 2 Debugging – a process of finding and fixing bugs (errors or mistakes) in a computer program.
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 11 – gdb and Debugging.
Lab00-Getting Started with VC Launch VS 2005 Launch Visual Studio 2005 – Start > All Programs > Microsoft Visual Studio 2005 > Microsoft Visual.
Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad
1 Getting Started with C++ Part 1 Windows. 2 Objective You will be able to create, compile, and run a very simple C++ program on Windows, using Microsoft.
How to Execute TSR Program. Install Borland C++ Download Borland C++ from LMS – oads/BORLANDC.rarhttp://vulms.vu.edu.pk/Courses/CS609/Downl.
Embedded Systems Design with Qsys and Altera Monitor Program
Intoduction to Andriod studio Environment With a hello world program.
Lecture 11 Example Rootkit. Intel internship Intel CTG (Corporate Technology Group) –Advanced research & development –System integrity services using.
Introduction to Reverse Engineering
Lecture 10 Anti-debugger techniques. Anti-debuggers Making reverse-engineering and disassembly painful –Polymorphism –Encryption –Interrupt disabling.
Netbeans QuickStart. Creating a project File->New Project –For now you want General->Java Application –Then fill in the project details.
Exercise 5: Developing an Embedded Application Write a software application to run on the system that we built in the previous exercise Compile the code.
GDB Introduction And Lab 2
1 Using an Integrated Development Environment. Integrated Development Environments An Integrated Development Environment, or IDE, permits you to edit,
PV204 Security technologies
PV204 Security technologies
Lab assignments Follow each lab walkthrough in textbook
Static and dynamic analysis of binaries
Tutorial 2 IDE of Keil for the ARM 7 board(2)
Live Phishing Attack Authentication Activity from a Foreign Address.
Compiler Construction (CS-636)
WORKSHOP 6 USING THE ASCII CONDUIT
ACOE301: Computer Architecture II Labs
Malware Incident Response  Dynamic Analysis - 2
CENG2400 Tutorial 1 Keil IDE CENG2400 tutorial 1 v.7a.
Lab assignments Follow each lab walkthrough in textbook
1. Open Visual Studio 2008.
Debugging at Scale.
ECE 3567 Microcontroller Lab
CSC235 - Visual Studio Tutorial
Our Environment We will exercise on Microsoft Visual C++ v.6
Double click Microsoft Visual Studio 2010 on the Computer Desktop
System Level Programming Software College of SCU
Module 6: Debugging a Windows CE Image
Mu Editor – New User Cheat Sheet – CircuitPython Mode
Mu Editor – New User Cheat Sheet – CircuitPython Mode
Presentation transcript:

PV204 Security technologies Reverse engineering of binary applications Petr Švenda Faculty of Informatics, Masaryk University

Laboratory Go to disassembly in IDE, understand basic principles Practical disassembling and binary debugging tutorial Lena tutorial 1 & 2 Open file in debugger Basic operations, jumps Patching Understanding structures from assembler | PV204: Rootkits, RE

OllyDbg - shortcuts F3... Open binary file F2... Toggle breakpoint (on opcodes, or double click) F9... Run debugged program Ctrl+F2... Restart program, all temporary changes are lost! F8... Step over F7... Step into Spacebar or double click... allows to set new opcode. Use when you like to change program behaviour, e.g., replacing conditional jump (JGE) by unconditional jump (JMP) or to discard instruction (NOP). Alt+BkSp... Undo change | PV204: Rootkits, RE

OllyDbg - shortcuts Rightclick->Search for->All referenced text strings... Constant text strings referenced in code. Use to find strings like hardcoded passwords, important messages (“Wrong license”). Double click on string will takes you to referencing instruction. Helps you to build mind model quickly. Rightclick->Find references to->Address constant... will find references to particular memory elsewhere in the code – use when you like to know where in code the memory is set, changed or otherwise used. Ctrl+F1... Help on Win32 API (WIN32 API help file already prepared in OllyDbg directory (WIN32.HLP)). Use to get meaning of the parameters pushed to stack just before the API function is called. ;... add or edit your comment for specific code line. Use to write down things you already understand. Use classic paper as well (program mind model) Rightclick->Copy to executable->All modifications (or Selection) … make changes permanent. New window with modified code is opened. Rightclick- >Save file to write patched binary to disk. | PV204: Rootkits, RE

Homework 5 – Crackme disassembling Reverse engineer supplied crackme file pv204.exe –Obtain information about its behavior (OllyDbg) –Make crackme to continue successfully without error message by a)Patching (modification of control routine, submit patched file) b)Creating valid license info (submit license file) Produce short (1xA4) text description of solution –How you performed analysis, what you learned, how you solved Bonus: More principally different solutions for the same problem might be awarded by extra points Submit before: am (full number of points) –Every additional started day (24h) means 1.5 points penalization 5 | PV204 Security technologies - Labs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.