
1 DR. MIGUEL ÁNGEL OROS HERNÁNDEZ
4. Tools

2 Context
Computers understand binary code
Binary code can be written in hexadecimal
Hexadecimal code can be encoded in assembly language
Assembly language is human-readable but not as intuitive as source code
Decompilers convert assembly into easier-to-read source code

3 4. Tools
1. Approaches
2. Hex editors
3. Disassemblers
4. Debuggers
5. Decompilers
6. Monitoring tools
7. Patching tools

4 Approaches

5 Reversing methodologies
Offline analysis
Live analysis

6 Approaches: offline code analysis
Dead-listing: take a binary executable and use a disassembler or a decompiler to convert it into a human-readable form
Reversing: manually reading and analyzing parts of that output

7 Approaches: live code analysis
Involves the same conversion of code into a human-readable form
Don’t just statically read the converted code; instead run it in a debugger and observe its behavior on a live system
Observation of internal data and how it affects the flow of the code
We can see what individual variables contain and what happens when the program reads or modifies that data
Better approach for beginners
Tools: debuggers

8 Hex editors

9 Hex editors
Hex editors read executing programs from RAM
Display their contents in hexadecimal code
Enable the editing of the running hexadecimal code
Diagram: Hex Editors, RAM Editor, Data Recovery Tools, RAM Disassembler; examples: WinHex, Tsearch

10 Hex editors
Hex Editor | Author | Platform | Licence | Website
WinHex | Sf-soft | Windows | Shareware | http://www.sf.soft.de

11 Disassemblers

12 Disassemblers/Debuggers
Convert binary code into its assembly equivalent
Extract ASCII strings and the libraries used
View memory, stack and CPU registers
Run the program (with breakpoints)
Edit the assembly code at runtime

13 Disassemblers
One of the most important reversing tools
Decode binary machine code into readable assembly-language text
Platform-specific
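
The chain on slide 2 (binary → hexadecimal → assembly) and the disassembler's job described on this slide, as an added Python example that is not part of the presentation: a hex-editor style dump of a constructed byte string, followed by a decoder for a handful of 32-bit x86 opcodes. The byte string CODE, the function names and the chosen opcode subset are this example's own assumptions; a real disassembler such as IDA handles the full instruction set and file formats, which this toy does not.

```python
"""Added example (not from the slides): from raw bytes to hex to assembly.

A hex editor shows the bytes of a program as hexadecimal; a disassembler
decodes those same bytes into assembly text. The decoder below recognises
only a few 32-bit x86 opcodes and is an illustration of the idea, not a
usable disassembler. The byte string CODE is constructed for this example.
"""
import struct

# Constructed sample: a tiny x86-32 function.
#   push ebp; mov ebp, esp; mov eax, 0x2A; call <next instruction>; pop ebp; ret
CODE = bytes.fromhex("55 89 e5 b8 2a 00 00 00 e8 00 00 00 00 5d c3")

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def hexdump(data: bytes, width: int = 16) -> list:
    """Render bytes the way a hex editor does: offset, hex bytes, ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} |{asc}|")
    return lines


def disassemble(code: bytes, base: int = 0) -> list:
    """Decode a small subset of x86-32. Returns (address, hex bytes, text) tuples."""
    out = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        addr = base + pc
        if op == 0x90:
            size, text = 1, "nop"
        elif op == 0xC3:
            size, text = 1, "ret"
        elif 0x50 <= op <= 0x57:                     # PUSH r32 (opcode + register)
            size, text = 1, f"push {REG32[op - 0x50]}"
        elif 0x58 <= op <= 0x5F:                     # POP r32
            size, text = 1, f"pop {REG32[op - 0x58]}"
        elif op == 0x89 and pc + 1 < len(code) and code[pc + 1] >> 6 == 0b11:
            # MOV r/m32, r32 with a register-direct ModRM byte (mod == 11)
            modrm = code[pc + 1]
            src = REG32[(modrm >> 3) & 7]            # reg field
            dst = REG32[modrm & 7]                   # r/m field
            size, text = 2, f"mov {dst}, {src}"
        elif 0xB8 <= op <= 0xBF and pc + 5 <= len(code):   # MOV r32, imm32
            imm = struct.unpack_from("<I", code, pc + 1)[0]
            size, text = 5, f"mov {REG32[op - 0xB8]}, 0x{imm:x}"
        elif op == 0xE8 and pc + 5 <= len(code):    # CALL rel32, relative to next insn
            rel = struct.unpack_from("<i", code, pc + 1)[0]
            target = addr + 5 + rel
            size, text = 5, f"call 0x{target:x}"
        else:
            size, text = 1, f"db 0x{op:02x}"         # unknown opcode: emit the raw byte
        out.append((addr, code[pc:pc + size].hex(" "), text))
        pc += size
    return out


if __name__ == "__main__":
    for line in hexdump(CODE):
        print(line)
    for addr, raw, text in disassemble(CODE, base=0x401000):
        print(f"{addr:08x}  {raw:<16} {text}")
```

The `db` fallback matters in practice: an unknown byte shifts the decoder by one and every following instruction may be decoded wrongly, which is why a disassembler's choice of where an instruction starts is as important as the opcode table itself.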

14 Disassemblers

15 Disassemblers: IDA Pro
The most popular of the disassemblers
IDA (Interactive Disassembler) by DataRescue, www.datarescue.com
Supports a variety of processor architectures
 IA-32
 IA-64
 AMD64
 …
Supports a variety of executable file formats
 Portable Executable (PE, used in Windows)
 Executable and Linking Format (ELF, used in Linux)
 XBE (used on Microsoft’s Xbox)
Costs
 $399 USD (standard edition)
 $795 USD (advanced edition)
http://www.hex-rays.com/products/ida/support/download.shtml

16 Disassemblers: ILDasm
For Microsoft Intermediate Language (MSIL)
 Low-level, assembly-like language used in .NET programs
Fundamental tool for .NET reversing
Operates only on Portable Executable (PE) files: .exe and .dll of the .NET Framework
Included in the .NET Framework SDK
Diagram: PE, Ilasm.exe, MSIL text file

17 Disassemblers: ILDasm usage example
1. Compile the code in a programming language that does not support all run-time metadata attributes
2. Obtain the resulting MSIL text file
3. Manually edit the missing attributes
4. Run the text file through the MSIL assembler to produce the final executable file

18 Debuggers

19 Debuggers
1. To assist software developers with locating and correcting errors in their programs
2. To be used as powerful reversing tools
Idea: the debugger provides a disassembled view of the currently running function and allows the user to step through the disassembled code and see what the program does at every line

20 Debuggers: key debugger features
Powerful disassembler
Software and hardware breakpoints
View of registers and memory
Process information
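
What slides 7, 19 and 20 describe, stepping through a running function, stopping at a breakpoint and watching variables change, as an added Python example that is not part of the presentation. Real debuggers such as OllyDbg or WinDbg do this on machine code with CPU support; here the same idea is shown on Python bytecode through `sys.settrace`, the hook that pdb is built on. The target function `checksum`, the class `MiniDebugger` and the breakpoint position are this example's own assumptions.

```python
"""Added example (not from the slides): a debugger in miniature.

A debugger stops the program at chosen points (breakpoints) and lets the
analyst step line by line while watching the program's data. CPython
exposes the hook pdb uses for this, sys.settrace; the trace function
below records every executed line of one target function together with
a snapshot of its local variables, and raises a flag when the line
chosen as the breakpoint is reached. checksum() is a constructed target.
"""
import sys
from typing import Optional


def checksum(data: bytes) -> int:
    """Constructed target function: a toy rolling checksum we want to observe."""
    acc = 0
    for b in data:
        acc = (acc * 31 + b) & 0xFFFF
    return acc


class MiniDebugger:
    """Records each line executed in one function and notes a breakpoint hit."""

    def __init__(self, target_name: str, break_offset: Optional[int] = None):
        self.target_name = target_name
        # Breakpoint given as a line offset from the function's "def" line,
        # so the example does not depend on where it sits in a file.
        self.break_offset = break_offset
        self.steps = []                # (offset, snapshot of locals) per executed line
        self.hit_breakpoint = False

    def _trace(self, frame, event, arg):
        if frame.f_code.co_name != self.target_name:
            return None                # not the function under observation
        if event == "line":
            offset = frame.f_lineno - frame.f_code.co_firstlineno
            # Snapshot taken before the line runs, like a register/memory view
            # at the moment the debugger stops.
            self.steps.append((offset, dict(frame.f_locals)))
            if offset == self.break_offset:
                self.hit_breakpoint = True
        return self._trace             # keep tracing inside this frame

    def run(self, func, *args):
        """Run func under the trace hook and always remove the hook afterwards."""
        sys.settrace(self._trace)
        try:
            return func(*args)
        finally:
            sys.settrace(None)

    def listing(self) -> list:
        """Step-by-step view, like a debugger's trace window."""
        return ["+{}: {}".format(off, ", ".join(f"{k}={v!r}" for k, v in sorted(snap.items())))
                for off, snap in self.steps]


if __name__ == "__main__":
    # Offset 4 is the line "acc = (acc * 31 + b) & 0xFFFF" inside the loop.
    dbg = MiniDebugger("checksum", break_offset=4)
    result = dbg.run(checksum, b"AB")
    for line in dbg.listing():
        print(line)
    print("result:", result, "breakpoint hit:", dbg.hit_breakpoint)
```

Each entry in `listing()` is one stop of the debugger: the snapshot shows the values before the line executes, so the change a line makes is visible by comparing it with the next entry, which is exactly the "what happens when the program reads or modifies that data" observation slide 7 refers to.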

21 Debuggers
User-mode debuggers
 Conventional applications that attach to another process (the debuggee) and can take full control of it
 Easy to set up and use
 Run on the system being debugged
Kernel-mode debuggers
 Give a view of the system as a whole rather than of a specific process
 They are components that sit alongside the system’s kernel and allow stopping and observing the entire system at any given moment
 Difficult to set up and usually require a dedicated system, because they destabilize the operating system
 Kernel debugging on virtual machines

22 Debuggers
Some user-mode debuggers
OllyDbg (Oleh Yuschuk)
 For 32-bit assembler and Windows operating systems
 Free and shareware debugger
 Used for cracking
WinDbg
 Free debugger provided by Microsoft (Debugging Tools for Windows)
IDA Pro
Some kernel-mode debuggers
WinDbg
Numega SoftICE

23 Debuggers: OllyDbg
Executes the program in a controlled environment
Allows the flow of the program to be controlled
Uses a convenient layout showing hexadecimal, assembly, CPU registers and stack
Allows the program to be dumped from memory onto the hard disk
Highlights recently changed values in memory/stack/CPU registers

24 Decompilers

25 Decompilers
A reverser’s dream tool
It is never possible to restore the original code in its exact form
The compilation process always removes some information from the program
Diagram: program binary → decompiler → high-level language source code

26 Decompilers: REC
Decompiles a program from binary code to C pseudo-code
Translates any binary it cannot decompile into assembly code
Typically generates 60–70% of the program source code
Decompiler | Author | Platform | Licence | Website
REC | Backer Street Software | Windows, Linux | Freeware | http://www.backerstreet.com/rec/rec.htm

27 Monitoring tools

28 Monitoring tools
System monitoring: an important part of the reversing process
A general category of tools that observe the various channels of I/O that exist between applications and the operating system, e.g. file access monitors
An interesting set of tools: Sysinternals
 http://technet.microsoft.com/es-mx/sysinternals
 Categories
  Utilities for disks and files
  Network
  Processes and subprocesses
  Security
  System information
  Others

29 Monitoring tools: the most interesting tools
FileMon
 Monitors all file-system level traffic between programs and the operating system
TCPView
 Monitors all active TCP and UDP network connections of every process
TDIMon
 Similar to TCPView
 Monitors network traffic
 Provides information on any socket-level operation performed by any process in the system
RegMon
 A registry activity monitor that reports all registry access from every program
PortMon
 A physical port monitor that monitors all serial and parallel I/O traffic on the system
WinObj
 Presents a hierarchical view of the named objects in the system
Process Explorer
 A turbo version of the Windows Task Manager (WTM)
 Designed to replace WTM
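
Slides 28 and 29 describe monitors that record every file-system request between a program and the operating system; the work after capture is reducing that trace to the requests that matter. The following is an added Python example, not part of the presentation and not FileMon's own output: the log lines are constructed in an assumed tab-separated layout (time, process, pid, operation, path, result), and the process names, paths and function names are this example's own assumptions.

```python
"""Added example (not from the slides): summarising a file-access monitor trace.

A file monitor such as FileMon records every file-system request a process
makes. This script reduces such a trace to what the reverser wants to know
per process: which files were opened, which were written, and which
requests failed (a file the program looked for but did not find, or was
not allowed to touch). SAMPLE_LOG is constructed in an assumed layout;
it is not FileMon's real format.
"""
from collections import defaultdict

# Constructed trace: time <TAB> process <TAB> pid <TAB> operation <TAB> path <TAB> result
SAMPLE_LOG = (
    "10:01:02.115\tsample.exe\t1432\tCreateFile\tC:\\Program Files\\Sample\\config.ini\tSUCCESS\n"
    "10:01:02.118\tsample.exe\t1432\tReadFile\tC:\\Program Files\\Sample\\config.ini\tSUCCESS\n"
    "10:01:02.120\tsample.exe\t1432\tCreateFile\tC:\\Users\\ana\\license.key\tNOT FOUND\n"
    "10:01:02.121\tsample.exe\t1432\tCreateFile\tC:\\Windows\\System32\\drivers\\etc\\hosts\tACCESS DENIED\n"
    "10:01:02.130\tsample.exe\t1432\tWriteFile\tC:\\Users\\ana\\AppData\\Local\\Temp\\s1.tmp\tSUCCESS\n"
    "10:01:03.002\texplorer.exe\t880\tQueryDirectory\tC:\\Users\\ana\\Desktop\tSUCCESS\n"
)

WRITE_OPS = {"WriteFile", "SetInformationFile", "DeleteFile"}  # assumed operation names


def parse(log_text: str) -> list:
    """Split the trace into records; malformed lines are reported, not silently dropped."""
    records = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(fields)}")
        time, process, pid, operation, path, result = fields
        records.append({"time": time, "process": process, "pid": int(pid),
                        "op": operation, "path": path, "result": result})
    return records


def summarize(records: list) -> dict:
    """Per process (name:pid): files opened, files written, and failed requests."""
    per_proc = defaultdict(lambda: {"opened": set(), "written": set(), "failed": []})
    for r in records:
        entry = per_proc[f"{r['process']}:{r['pid']}"]
        if r["result"] != "SUCCESS":
            entry["failed"].append((r["op"], r["path"], r["result"]))
        elif r["op"] in WRITE_OPS:
            entry["written"].add(r["path"])
        else:
            entry["opened"].add(r["path"])
    return dict(per_proc)


def report(summary: dict) -> list:
    """Human-readable lines, one block per process, failures first."""
    lines = []
    for key in sorted(summary):
        e = summary[key]
        lines.append(f"== {key} ==")
        for op, path, result in e["failed"]:
            lines.append(f"  FAILED  {op:<16} {path}  ({result})")
        for path in sorted(e["written"]):
            lines.append(f"  WRITE   {path}")
        for path in sorted(e["opened"]):
            lines.append(f"  OPEN    {path}")
    return lines


if __name__ == "__main__":
    for line in report(summarize(parse(SAMPLE_LOG))):
        print(line)
```

Failed requests are listed first because they are usually the most informative part of a trace: a NOT FOUND on a file the program never creates tells you the program expects that file to exist, and an ACCESS DENIED tells you where the program runs into the operating system's permission checks.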

30 Patching tools

31 Patching tools
Patching
 Process of modifying code in a binary executable to somehow alter its behavior
 Related to reversing because, in order to know where to patch, one must understand the program being patched
 Comes after a reversing session
 Typically performed by crackers

32 Bibliography
Reversing: Secrets of Reverse Engineering
 Eldad Eilam
 Wiley Publishing, Inc.
 2005
MSIL Disassembler (ILDasm)
 http://msdn.microsoft.com/es-es/library/f7dy01k1(v=vs.80).aspx
Ildasm.exe Tutorial
 http://msdn.microsoft.com/es-es/library/aa309387(v=vs.71).aspx
Framework Tools – ILDASM: An Introduction to the Microsoft Intermediate Language Dis-Assembler
 Dan Mabbutt
 http://visualbasic.about.com/od/FWTools/a/FWToolsILDASM.htm

33 Bibliography
OllyDbg
 http://www.ollydbg.de/
 http://es.wikipedia.org/wiki/OllyDbg

34 End

