This training will provide students with an overview of Reverse Code Engineering (RCE). Students will learn how debuggers and disassemblers work, how to build them and how to automate these tools with script languages like Python. Also, they will see the real application of reverse engineering to understand how real code really works in the system.

Student Pre-requisite

Basic knowledge of assembly language and C ANSI

Software Requirement

Windbg, OllyDbg, Python

Hardware Requirement

Laptop computer

Course Outline

History of RCE

Importance of RCE

Executable file formats
  • ELF executable format
  • PE/COFF executable format
Disassembling code
  • ISA - Instruction Set Architecture
  • Methods and algorithms
Disassembler tools
  • OllyDbg
  • Windbg
  • distorm64
  • IDA
  • OllyDbg
  • Windbg
  • SoftICE
  • PyDBG
OS API and reverse engineering Reverse engineering applications:
  • File format reverse engineering
  • Vulnerability research
  • Breaking protections
  • Reversing undocumented functions
  • Malware analysis
Automating reverse engineering
  • IDAPython
  • PyDbg
  • Immunity Debugger

About Instructor

Edgar Barbosa is a security researcher in the Advanced Malware Lab (AML) of COSEINC. He was a member of the team within AML to develop "Blue Pill", a virtual machine rootkit, and has published several papers. Edgar is an expert in kernel and rootkit research.