TechTipsNTricks - 16
Reverse Engineering Tools
Understand 2.0 analyzes your software code and creates a database containing information about the entities and the relations between entities. The database can then be browsed using various “graphical view” windows. The graphical views are divided into these kinds:
Hierarchy views show relations between entities. Each view follows a relation (for instance “Calls”) from the starting entity (that you inquired about) through its children and successors.
Structure views quickly show the structure of any entity that adds to the structure of your software (for instance a package, function, procedure, or task).
Ref: http://www.scitools.com/products/understand/
Source Insight is a revolutionary project oriented program code editor and code browser, with built-in analysis for C/C++, C#, and Java programs, as well as other languages. Source Insight parses your source code and maintains its own database of symbolic information dynamically while you work, and presents useful contextual information to you automatically. Not only is Source Insight a great program editor, but it also can display reference trees, class inheritance diagrams, and call trees. Source Insight features the quickest navigation of source code and source information of any programming editor.
Ref: http://www.sourceinsight.com/
2 comments:
What You Have To Use
After reading the books, you need to start developing your toolkit. There are many tools you can use, but I thought I would list the tools that I have purchased or acquired and I move from machine to machine when reverse engineering. I'll start out with the free products and work my way to the commercial products.
PEDUMP
Matt Pietrek wrote PEDUMP and it's available on the MSDN CD or MSDN Online. PEDUMP dumps all the information about a Portable Executable (PE) binary. You can get the same output with DUMPBIN from Visual Studio, but I like the format of PEDUMP better. When looking for imported and exported functions, you need PEDUMP.
REGMON and FILEMON
Mark Russinovich wrote both REGMON and FILEMON, which are free and downloadable from www.sysinternals.com. REGMON monitors and completely reports all registry access on your computer. FILEMON monitors all disk and file accesses on your computer. Both of these tools allow you to easily see who's doing what to whom. One time I purchased a product that was downloadable and as a challenge, I wanted to see if I could break their registration scheme before I entered my valid, purchased ID. A total of two minutes with REGMON and I broke the scheme.
DEPENDS
The DEPENDS program from the Platform SDK reports all imported functions used by a program. You can even run an application under DEPENDS and see what functions it acquires through GetProcAddress. DEPENDS is the tool for monitoring what exports are used out of a DLL.
BoundsChecker
BoundsChecker is a commercial error detection tool from Compuware/NuMega. You can get more information about BoundsChecker by visiting www.numega.com. What many people don't realize about BoundsChecker is that it will monitor and record each and every API call a program makes and show them in the wonderful Event view. What makes it even more interesting is that BoundsChecker will record the complete parameter information and function return values as well. While you can't see into the APIs, BoundsChecker makes it quite easy to see API functions an algorithm called to get the work done. When I worked at NuMega, one of the demos we had was to show how the Solitaire game did the card magic at the end of the game.
SoftICE
SoftICE is also a commercial product from Compuware/NuMega. When you think of reverse engineering in Windows, SoftICE is right there because it's used by more people to reverse engineer things than anything else. I described how to get started with SoftICE in a previous column so you can turn there to get an idea how to use it. What I've always found amusing is that SoftICE is one of the most heavily pirated pieces of software around today. The beauty of SoftICE is that it allows you to see anywhere and everywhere, as well as get more information about the operating system than anything else.
A Disassembler
The final tool you need for larger reverse engineering chores is a disassembler. You already have one with the -DISASM switch to DUMPBIN. What makes DUMPBIN a little more usable is that it will use any symbols it can find so you can get more information. What you will probably want to do is to write a Perl script to process the output to make it more readable. While you can always use the debugger's Disassembly window, you sometimes need the disassembly in a text file.
Ref: http://www.codeguru.com/cpp/v-s/debug/reverseengineering/article.php/c4413
A few more tools for Windows/Linux OSes:
http://en.wikibooks.org/wiki/Reverse_Engineering/Other_Tools#GNU_Tools
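The DUMPBIN -DISASM post-processing suggested in the comment above, as an added example written in Python rather than Perl (not code from the original post or from the CodeGuru article): it groups the listing's instructions under their labels and resolves numeric call targets and import-table calls back to the names DUMPBIN printed. The listing is a constructed sample for a hypothetical demo.exe; the column layout mirrors DUMPBIN's.

```python
import re
from collections import OrderedDict

# Constructed sample of DUMPBIN /DISASM output for a hypothetical demo.exe
# (not a real binary); the column layout mirrors what DUMPBIN prints.
SAMPLE = """\
_main:
  00401000: 6A 2A              push        2Ah
  00401002: E8 07 00 00 00     call        0040100E
  00401007: 50                 push        eax
  00401008: FF 15 00 20 40 00  call        dword ptr [__imp__ExitProcess@4]
_square:
  0040100E: 8B 44 24 04        mov         eax,dword ptr [esp+4]
  00401012: 0F AF C0           imul        eax,eax
  00401015: C3                 ret
"""
LABEL = re.compile(r"^(\S+):$")                                  # "_main:"
INSN = re.compile(r"^\s+([0-9A-F]{8}):\s+(?:[0-9A-F]{2}\s)+\s*(\S+)(?:\s+(.*))?$")
IMPORT = re.compile(r"\[(__imp_[^\]]+)\]")   # call through the import table

def parse_disasm(text):
    """Return ({label: [(addr, mnemonic, operands)]}, {first addr: label})."""
    funcs, symbols, cur = OrderedDict(), {}, None
    for line in text.splitlines():
        m = LABEL.match(line)
        if m:
            cur = m.group(1)
            funcs[cur] = []
            continue
        m = INSN.match(line)
        if m and cur is not None:
            addr = int(m.group(1), 16)
            if not funcs[cur]:               # first instruction after a label
                symbols[addr] = cur
            funcs[cur].append((addr, m.group(2), m.group(3) or ""))
    return funcs, symbols

def resolve_target(operands, symbols):
    """'0040100E' -> '_square'; '[__imp__X]' -> '__imp__X'; else unchanged."""
    if re.fullmatch(r"[0-9A-F]{8}", operands):
        return symbols.get(int(operands, 16), operands)
    m = IMPORT.search(operands)
    return m.group(1) if m else operands

def call_graph(funcs, symbols):
    """Caller label -> resolved call targets (first-seen order, deduplicated)."""
    return {name: list(dict.fromkeys(resolve_target(ops, symbols)
                                     for _, mn, ops in insns if mn == "call"))
            for name, insns in funcs.items()}
```

Running `call_graph(*parse_disasm(SAMPLE))` gives one entry per label, which is the quickest way to see which routines reach an API such as ExitProcess without reading the raw listing.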