This by no means prevents the reverse engineer
from examining an application; it simply makes such an examination a bit more
difficult. Binary auditing requires a somewhat different skill set than source code auditing.
Whereas a competent C programmer can audit C source code regardless of what
type of architecture the code is intended to be compiled on, auditing binary code
requires additional skills in assembly language, executable file formats, compiler behavior,
operating system internals, and various other lower-level skills. Books offering to
teach you how to program are a dime a dozen, while books that cover the topic of
reverse engineering binaries are few and far between. Proficiency at reverse-engineering
binaries requires patience, practice, and a good collection of reference material. All you
need to do is consider the number of different assembly languages, high-level languages,
compilers, and operating systems that exist to begin to understand how many
possibilities there are for specialization.
Manual Auditing of Binary Code
Two types of tools that greatly simplify the task of reverse engineering a binary file are
disassemblers and decompilers. The purpose of a disassembler is to generate assembly
Chapter 12: Passive Analysis
289
PART IV
language from a compiled binary, while the purpose of a decompiler is to attempt to generate
source code from a compiled binary.
Pages:
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525