Tag: Reverse Engineering

x86 Assembly Returns Confusion

When analyzing assembly code, be sure to pay attention to a routine’s arguments when the return value is not apparent. For example, return values are often placed into eax, and eax is then manipulated or read within a few instructions of the function call, like this: Here we see that immediately after LoadLibraryA…


Benefits of Reverse Engineering for Programmers

In this post I will share some of the benefits that becoming a better reverse-engineer has had on my software development. Unfortunately, reverse-engineering, or so-called “reversing,” seems to occasionally be associated with “cracking,” which is essentially criminal activity associated with violating a program’s license agreements and making it do things that it was not intended…


The PortEx Optional Header – Setting Up Memory for Windows Programs

In this write-up, I’ll be presenting part of the Microsoft Windows Portable Executable’s (PE) Optional Header. Why? Because knowledge of the PE format is extremely important for a malware analyst and reverse engineer, plus they’re just plain fun to learn about. The PE headers are often corrupted and otherwise messed with by packers/compressors and other…