Beginner Reverse Engineering | Part 2: Compiling and Decompiling (Ghidra + IDA)

  • Published: 2 Oct 2024
  • An introduction to C compilers and decompilers, how compile order and optimization works, and tricks you can use to speed up reverse engineering. Examples given in both Ghidra and IDA.

Comments • 49

  • @MalwareTechBlog  3 years ago +50

    Everyone was asking for Ghidra content, so here's the best of both worlds! Let me know what you want to see next.

    • @mpdragon33 3 years ago +7

      More complex sample for analysis.

    • @watchlistsclips3196 3 years ago +1

      @mpdragon33 Same with me

    • @sergiomazariego_ 3 years ago +6

      your malware reversing methodology, maybe a complete video about you reversing some packed malware, personally, if I can see all your process the better, even if that takes hours haha :)

    • @testme7073 3 years ago +3

      I'd really love to hear your impressions of malware both from writing it and reversing it.

    • @monicapardeshi 3 years ago +2

      How to reverse other languages like C++ or Go

  • @retroguy74 3 years ago +15

    These "jump into the deep end" type videos are great for learning these types of concepts, or really programming in general. I think the small step, "here is a for loop", etc. is fine, but many people learn better by jumping into the meaty stuff like this right away. Really enjoy it.

    • @ChristopherGray00 2 years ago +2

      trying to reverse engineer compiled binaries without knowing basic ASM instructions is pretty stupid, that gives me script kiddie vibes.
      you learn the instruction set first, then you reverse engineer.

    • @Roman-uy7qp 1 year ago +3

      @ChristopherGray00 I think some people find it easy to learn by practising, not just theory.

  • @yeetyeet7070 3 years ago +4

    yess more beginner stuff, love you my dude

  • @jgurtz 3 years ago +7

    Nice, very cool to see Ghidra and IDA side by side

  • @Demonslay335 3 years ago +2

    Ah, I never knew the compiler optimized loops in that way, definitely seen my fair share of that in custom-rolled crypto functions. Your last statement about wondering wtf the dev was thinking vs it really being the compiler definitely applies all too often. 😅

  • @GetWisdomTV 10 months ago

    Advertisement in disguise of tutorial against an excellent and free opensource product ☹️.

  • @mldalex 5 months ago

    everything is open source if you can read assembly

  • @hakeemonipede8358 2 years ago

    Please continue

  • @nikos4677 3 years ago +1

    finally part 2

  • @XxLIVExX24 1 year ago

    @MalwareTechBlog In regard to your mention at 11:20, my best guess why the compiler chose to reduce the iterations by a factor of 4 instead of 5, 6, 7 or more was because it used up all the registers it wanted that could hold variables. In the pseudocode for the optimized code, you can see how the compiler declared variables v3-v7, which correspond to ecx, edx, esi, eax, & edi. Are there any more registers for the compiler to use? Because if not, then the compiler would need more instructions or memory to hold other variables.

  • @thet0wsif 9 months ago

    That was a really helpful video! Basic but deep understanding, thanks!

  • @allurbase 3 years ago

    The compiler could optimize it even more if it just set eax to 5050, just sayin...

  • @z-corp 1 year ago

    Please bring back reverse engineering... From basic to advanced and ollydbg also

  • @ASCENDANTGAMERSAGE 2 years ago

    I think the compiler did four because a lot of vector registers are exactly int*4 (or whatever primitive) in size.
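
    The comments from @XxLIVExX24, @allurbase and @ASCENDANTGAMERSAGE above all talk about the same loop from the video (summing 1..100) and what an optimizing compiler does to it. The C below is an added illustration, not code from the video or from any commenter: it places the plain source loop next to a hand-written equivalent of what a decompiler typically shows after 4x unrolling with one partial sum per register (the v3..v7 names are chosen to mimic decompiler output and are an assumption, as is the exact shape the real compiler produced), and next to the closed form n*(n+1)/2 that @allurbase means by "just set eax to 5050". Seeing the three side by side is the point: they are the same computation, and recognising the unrolled shape in a decompiler is what saves the "what was the dev thinking" moment.

    ```c
    #include <stdint.h>
    #include <stdio.h>

    /* Plain source loop, as in the video: total += number for number in 1..n. */
    uint32_t sum_simple(uint32_t n)
    {
        uint32_t total = 0;
        for (uint32_t number = 1; number <= n; number++)
            total += number;
        return total;
    }

    /* Equivalent of what a decompiler shows after the compiler unrolls the loop
       4x and keeps four independent partial sums (one per register, so the four
       additions have no dependency on each other), followed by a scalar tail
       loop for the iterations left over when n is not a multiple of 4.
       v3..v7 are assumed names mimicking decompiler output, not real output. */
    uint32_t sum_unrolled4(uint32_t n)
    {
        uint32_t v3 = 0, v4 = 0, v5 = 0, v6 = 0; /* four partial accumulators */
        uint32_t v7 = 1;                         /* loop counter */
        for (; v7 + 3 <= n; v7 += 4) {           /* main body: 4 numbers per pass */
            v3 += v7;
            v4 += v7 + 1;
            v5 += v7 + 2;
            v6 += v7 + 3;
        }
        uint32_t total = v3 + v4 + v5 + v6;      /* merge the partial sums */
        for (; v7 <= n; v7++)                    /* tail: 0..3 leftover numbers */
            total += v7;
        return total;
    }

    /* The closed form a compiler may fold the whole loop to: n*(n+1)/2,
       which is 5050 for n == 100 (the constant @allurbase mentions). */
    uint32_t sum_closed_form(uint32_t n)
    {
        return n * (n + 1) / 2;
    }

    int main(void)
    {
        /* Constructed inputs: the video's n=100 plus a value not divisible by 4,
           to exercise the tail loop of the unrolled version. */
        uint32_t inputs[] = { 100, 10, 7, 0 };
        for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
            uint32_t n = inputs[i];
            printf("n=%u simple=%u unrolled=%u closed=%u\n", n,
                   sum_simple(n), sum_unrolled4(n), sum_closed_form(n));
        }
        return 0;
    }
    ```

    When reading this kind of output in Ghidra or IDA, the tell-tale signs are a loop whose counter steps by 4 (or 8, 16), several accumulators that are only added together after the loop, and a second small loop right after it doing the "remainder" work; once you spot that pattern you can collapse it back to the single source loop in your notes.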

  • @KenPryor 3 years ago

    I really appreciate these videos. I like seeing both IDA and Ghidra, so I'm happy with either or both being shown. I like that you're starting out with simple code, as that really helps me understand better than if you were diving into the deep end with something more complex.

  • @redchameleon613 3 years ago

    Any advice on the best method to add your reverted function back to the application? So, let's say you have reverted one function and want your version of the function to be used by the desktop app, then what do you do? Compile it to a library and then?

  • @granttapp2875 2 years ago

    How have I only just found these videos! Would love some more of these introduction to RE!

  • @МайклСмит-й1ю 3 years ago

    Please record a few videos on how to decipher strings with malware reverse and how to normalize the runtime graph. What tactics are commonly used in malware analysis would also be interesting to hear. The topic of binary comparison of Microsoft patches is also very interesting. Thx a lot bro.

  • @7777-z2e 3 years ago

    how do i decompile pyarmor

  • @zeeshanparvez5235 1 year ago

    What a brilliant video.

  • @daprince6559 3 years ago

    ex4 possible

  • @invalid5777 3 years ago

    Every day I wait for a new tutorial

  • @devilknowyou7733 3 years ago

    Sir I am your big fan

  • @donovanvanderlinde3478 3 years ago

    Thank you for the content

  • @euclidyrdear5324 3 years ago

    Hi MalwareTech, I have been wondering about your path to becoming a pro reverser. I want to know how you understand the assembly instructions very fast without looking them up on the internet while cracking. I have studied the basics of assembly but cannot interpret it very fast at a glance. So do I need to write some program in assembly and use all assembly instructions there first, then come to cracking later?
    PS. Not relating to this video btw

    • @watchlistsclips3196 3 years ago +1

      Just practice yo. You will keep up with that speed some time in future. He is doing programming for many years. He kept on practicing, because of that he is where he is now. Do what you want to do. Make mistakes. You will learn something because of that. See his getting started in reverse engineering first video. Every golden point is present there. Just try something. Then try again. If u feel exhausted with trying about something, try that in a new way, or if you feel exhausted with those ways, then figure out what you are missing and learn. With that, look what u need to do after. What you need to do is to keep trying no matter what will happen. You will learn something because of that. Focus on learning something. There is no a-z path for you. Your path can be of any way. See LiveOverflow's YouTube video on how to get started with hacking. It will definitely help us. Even though it is not relevant for you, definitely it will help you to get confidence in what you want to do. Just fucking see it. Don't neglect that video and my advice. If you do what I said you will definitely thank me one day.

  • @daprince6559 3 years ago

    ex4 possible?

  • @tomiibarrientos9440 3 years ago

    Thank you for the great content!!!

  • @ahmedmani1051 3 years ago

    hmm so optimized complicated code is pretty much impossible to decompile and make any sense of? other than that great video

    • @ChristopherGray00 2 years ago

      no? why did you come to such a stupid conclusion?

  • @invalid5777 3 years ago

    this is awesome!

  • @codyverdes3289 3 years ago

    THANK YOU FOR THIS!

  • @justknot4481 3 years ago

    can you do something in lua ? 🤪😉

  • @syrefaen 3 years ago

    Fantastic, I love these. Your examples here are just perfect to get a better understanding!

  • @internetparrot9753 1 year ago

    5:23 please next time PLEASE say total += number

  • @victortobon711 3 years ago

    Hey dude, I don't understand English

  • @sikobpiko1066 1 year ago

    can you please send the code browser program... thanks

  • @rewatsingh1380 3 years ago

    Your voice is like, Forrest Gump