Beginner Reverse Engineering | Part 2: Compiling and Decompiling (Ghidra + IDA)

56,111 views

Marcus Hutchins

A day ago

Comments: 50
@MalwareTechBlog 3 years ago
Everyone was asking for Ghidra content, so here's the best of both worlds! Let me know what you want to see next.
@mpdragon33 3 years ago
More complex sample for analysis.
@watchlistsclips3196 3 years ago
@mpdragon33 Same with me
@sergiomazariego_ 3 years ago
your malware reversing methodology, maybe a complete video about you reversing some packed malware, personally, if I can see all your process the better, even if that takes hours haha :)
@testme7073 3 years ago
I'd really love to hear your impressions of malware both from writing it and reversing it.
@monicapardeshi 3 years ago
How to reverse other languages like C++ or Go
@retroguy74 3 years ago
These "jump into the deep end" type videos are great for learning these types of concepts, or really programming in general. I think the small step, "here is a for loop", etc. is fine, but many people learn better by jumping into the meaty stuff like this right away. Really enjoy it.
@ChristopherGray00 3 years ago
trying to reverse engineer compiled binaries without knowing basic ASM instructions is pretty stupid, that gives me script kiddie vibes. you learn the instruction set first, then you reverse engineer.
@Roman-uy7qp 2 years ago
@ChristopherGray00 I think some people find it easy to learn by practicing, not just theory.
@jgurtz 3 years ago
Nice, very cool to see Ghidra and IDA side by side
@KenPryor 3 years ago
I really appreciate these videos. I like seeing both IDA and Ghidra, so I'm happy with either or both being shown. I like that you're starting out with simple code, as that really helps me understand better than if you were diving into the deep end with something more complex.
@granttapp2875 2 years ago
How have I only just found these videos! Would love some more of these introduction to RE!
@thet0wsif 1 year ago
That was a really helpful video! basic but deep understanding, thanks!
@yeetyeet7070 3 years ago
yess more beginner stuff, love you my dude
@Demonslay335 3 years ago
Ah, I never knew the compiler optimized loops in that way, definitely seen my fair share of that in custom-rolled crypto functions. Your last statement about wondering wtf the dev was thinking vs it really being the compiler definitely applies all too often. 😅
@invalid5777 3 years ago
Every day I wait for a new tutorial
@XxLIVExX24 1 year ago
@MalwareTechBlog In regards to your mention @11:20, my best guess why the compiler chose to reduce the iterations by a factor of 4 instead of 5, 6, 7 or more, was because it used up all the registers it wanted that could hold variables. In the pseudocode for the optimized code, you can see how the compiler declared variables v3-v7 which correspond to ecx, edx, esi, eax, & edi. Are there any more registers for the compiler to use? Because if not, then the compiler would need more instructions or memory to hold other variables.
@nikos4677 3 years ago
finally part 2
@zeeshanparvez5235 2 years ago
What a brilliant video.
@tomiibarrientos9440 3 years ago
Thank you for the great content !!!
@МайклСмит-й1ю 3 years ago
please record a few videos on how to decipher strings with malware reverse and how to normalize the runtime graph. what tactics are commonly used in malware analysis would also be interesting to hear. The topic of binary comparison of microsoft patches is also very interesting. Thx a lot bro.
@z-corp 1 year ago
Please bring back reverse engineering... From basic to advanced and ollydbg also
@invalid5777 3 years ago
this is awesome!
@syrefaen 3 years ago
Fantastic, I love these. Your examples here are just perfect to get a better understanding!
@donovanvanderlinde3478 3 years ago
Thank you for the content
@redchameleon613 3 years ago
Any advice on the best method to add your reverted function back to the application. So, let's say you have reverted one function and want your version of the function to be used by the desktop app, then what do you do? Compile it to a library and then?
@codyverdes3289 3 years ago
THANK YOU FOR THIS!
@devilknowyou7733 3 years ago
Sir I am your big fan
@cristianbataturescu5695 2 months ago
How to find a call to Internet connection, cancel it and recompile the exe ?
@ASCENDANTGAMERSAGE 2 years ago
I think the compiler did four because a lot of vector registers are exactly int*4 (or whatever primitive) in size.
@hakeemonipede8358 2 years ago
Please continue
@euclidyrdear5324 3 years ago
Hi MalwareTech, I have been wondering about your path to becoming a pro reverser. I want to know how you understand the assembly instructions very fast without looking them up on the internet while cracking. I have studied the basics of assembly but cannot interpret it very fast at a glimpse. So do I need to write some program in assembly and use all assembly instructions there first, then come to cracking later? PS. Not relating to this video btw
@watchlistsclips3196 3 years ago
Just practice yo. You will keep up with that speed some time in future. He has been doing programming for many years. He kept on practicing; because of that he is where he is now. Do what you want to do. Make mistakes. You will learn something because of that. See his getting started in reverse engineering first video. Every golden point is present there. Just try something. Then try again. If u feel exhausted with trying something, try that in a new way, or if you feel exhausted with those ways then figure out what you are missing and learn. With that, look at what u need to do after. What you need to do is to keep trying no matter what will happen. You will learn something because of that. Focus on learning something. There is no a-z path for you. Your path can be of any way. See liveoverflow's youtube video on how to get started with hacking. It will definitely help us. Even though it is not relevant for you, it will definitely help you to get confidence in what you want to do. Just fucking see it. Don't neglect that video and my advice. If you do what I said you will definitely thank me one day.
@daprince6559 3 years ago
ex4 possible?
@ahmedmani1051 3 years ago
hmm so optimized complicated code is pretty much impossible to decompile and make any sense of? other than that great video
@ChristopherGray00 3 years ago
no? why did you come to such a stupid conclusion?
@7777-z2e 3 years ago
how do i decompile pyarmor
@justknot4481 3 years ago
can you do something in lua ? 🤪😉
@daprince6559 3 years ago
ex4 possible
@mldalex 8 months ago
everything is open source if you can read assembly
@allurbase 3 years ago
The compiler could optimize it even more if it just set eax to 5050, just sayin...
@victortobon711 3 years ago
Hey dude, I don't understand English
@internetparrot9753 1 year ago
5:23 please next time PLEASE say total += number
@sikobpiko1066 2 years ago
can you please send the code browser program....thanks
@GetWisdomTV 1 year ago
Advertisement in disguise of tutorial against an excellent and free opensource product ☹️.
@rewatsingh1380 3 years ago
Your voice is like Forrest Gump