Beginner Reverse Engineering | Part 1: How To Find The Main Function

  • Added 9 May 2021
  • Walking through how to get from the entry point to the main function when reverse engineering a Windows application in IDA 7.0 Freeware, plus an introduction to debug symbols.
    Patreon: /malwaretech
  • Science & Technology

Comments • 76

  • @MalwareTechBlog
    @MalwareTechBlog  3 years ago +103

    Working on more content! Let me know what else you'd like to see me do a video on.

    • @henchnerd9404
      @henchnerd9404 3 years ago +4

      possibly on good job routes/options for cybersecurity students leaving university soon in your opinion? please

    • @sameerahmad3734
      @sameerahmad3734 3 years ago +19

      Make complete lecture on Reverse Engineering beginners to advanced

    • @lolvivo8783
      @lolvivo8783 3 years ago +3

      Same code on ghidra?
      Also what are the prerequisites to REng?

    • @internetwarrior666
      @internetwarrior666 3 years ago +1

      Writing and exploiting an interrupt handler

    • @sergiomazariego_
      @sergiomazariego_ 3 years ago +5

      Unpacking a lot of rare packers

  • @EvilSapphireR
    @EvilSapphireR 2 years ago +35

    Holy crap. I started reverse engineering about two years earlier, and I've devised so many tips and tricks and startup code pattern recognition to identify the main function over the years, but that tiny insight that the return value is actually used by the OS itself (so would have to be returned by the startup code too) is single-handedly the best tip I've ever heard to pinpoint main! Game changing!

  • @Jambion
    @Jambion 3 years ago +4

    This video helped me reverse an exe for htb.
    After a damn year of nothing clicking, this one damn video tied everything together.
    Thank you!

  • @atibhiagrawal6460
    @atibhiagrawal6460 3 years ago +6

    I got to know about you after reading the Wired article some months ago. I am so excited to find your YouTube channel. I'm binge-watching and following along :P Thanks a lot for doing this !!!!

  • @Cools2009
    @Cools2009 1 year ago +4

    The first time I opened my own simple Hello World program written in C, and saw how much extra boilerplate code is added to my program for the EXE to run, I was very much blown away, and now I realize that so much of what you see in IDA is often a lot of benign machine code that doesn't do anything bad at all, knowing how to identify it probably only comes from experience.

  • @tuppes10
    @tuppes10 3 years ago +7

    Thanks, great intro!
    I would love a series where you reverse progressively more complicated programs up to real life malware examples.

  • @SangharshSeth
    @SangharshSeth 3 years ago +1

    Thank you so much for the beginner series man. appreciate it.

  • @MattKAva
    @MattKAva 3 years ago +2

    Great video just like the last, love this kind of content on your level! As for more videos in the future just keep reversing harder and harder stuff then maybe even do more specific series of stuff after more general ones, like only ELF files, or only EXE, or use Ghidra instead of Ida or even R2

  • @R3v3rso
    @R3v3rso 3 years ago

    This is a great initiative ! Looking forward for more videos :)

  • @yeetyeet7070
    @yeetyeet7070 3 years ago +6

    I love your beginners videos so far

  • @Dulge
    @Dulge 1 year ago

    This is gold, we need more RE tutorials and maybe even a x86 ASM course haha, honestly would pay for a course for malware analysis if you made one

  • @seiv-
    @seiv- 3 years ago +30

    I would really appreciate some videos on debuggers and dynamic analysis in general... like x64dbg, radare2 or even gdb

    • @ImagoCanis
      @ImagoCanis 3 years ago

      ida has a debugger. i wouldn't be surprised if that's where this was going. heads up though, gdb is objectively better than r2

    • @u00xclub
      @u00xclub 2 years ago

      @ImagoCanis it does, however, ida is not the best for dynamic analysis. x64dbg is way better compared to ida in dynamic analysis

  • @samjohn1098
    @samjohn1098 3 years ago

    Good one.. Please add walkthrough video on unpacking a malware.. The way you run through the concept is awesome

  • @KenPryor
    @KenPryor 3 years ago

    Very helpful. Thank you for sharing your knowledge.

  • @matthewlandry1352
    @matthewlandry1352 3 years ago +1

    Great video Marcus! So few people are on your level and your content is vital to help change that. Keep it up!

  • @johnsnow1062
    @johnsnow1062 3 years ago +1

    Thank you very much. Please keep teaching dear @Marcus

  • @Lebensgott
    @Lebensgott 3 years ago +6

    this is really interesting even for a non cybersecurity person who is just casually programming sometimes
    edit: i would love to see more of this technical stuff... i feel like i could learn a lot from you

  • @matias-eduardo
    @matias-eduardo 3 years ago

    Great stuff! Thank you!

  • @Sye0712
    @Sye0712 3 years ago

    Great video thank you marcus ❤❤

  • @xaza8uhitra4
    @xaza8uhitra4 5 months ago

    Marcus, this was so sick, thank you. I realized with the free IDA it doesn't look like you can show all of the function graph items at once? But once I started clicking through the different functions I was able to find the entry point as you described. Would love more of these beginner tuts. Question, how much better is IDA than Ghidra in your opinion?

  • @donovanvanderlinde3478

    Thank you for the content Marcus
    Any chance you could go deep on labs?
    As someone starting out I find there’s a lot of conflicting info on what a proper setup is

  • @konstantinrebrov675
    @konstantinrebrov675 7 months ago

    Thank you Marcus.

  • @anishakumar1199
    @anishakumar1199 2 years ago

    Would love to see a video on tips n tricks or just the steps for iOS malware analysis, as there's not a lot of content out there for it.

  • @yeetyeet7070
    @yeetyeet7070 3 years ago +1

    Do you use radare? would love to see you with all those powerful tools

  • @exploitingcodes756
    @exploitingcodes756 2 years ago

    Can you dynamically load the binary and pause on entry point the same as in x64dbg?

  • @blameItleaveit
    @blameItleaveit 3 years ago +1

    Can you please create playlist for reverse engineering or course, it would be really helpful? Thank you.

  • @serialkiller8783
    @serialkiller8783 3 years ago

    honestly which os do you spend your time with the most? i know there's nothing like best, and one can choose his os and set tools in it. so just an overall question, and if windows, why?

  • @jiteshkanojia6824
    @jiteshkanojia6824 3 years ago

    I tried doing this a couple of days ago reversing a hello world program but got overwhelmed by all the assembly and the control flow charts :P thanks marcus ty for this

  • @ivankrupskyi8984
    @ivankrupskyi8984 3 years ago

    The BEST!

  • @CoreDreamStudios
    @CoreDreamStudios 1 year ago

    For some reason, when I follow the same procedure you did, IDA automatically shows the main function, not sure how... I did say no to symbols.
    Also, gave you a sub. :)

  • @dencam
    @dencam 3 years ago

    Thank you for sharing this.
    Please share ways of manipulating packets on a network.

  • @zehraarshadmulla9976
    @zehraarshadmulla9976 8 months ago

    I have made a C++ exe in VS but when I load it in IDA Pro and go to export to see my main entry, I have different branches as compared to this video. I have written the same code.

  • @localcomputernerd8408
    @localcomputernerd8408 2 years ago

    I would really appreciate some videos on how to be a researcher and malware analysis!

  • @nikos4677
    @nikos4677 3 years ago +2

    when the next tutorial is going to be released?

  • @helloworld-oi6fi
    @helloworld-oi6fi 2 years ago

    Why are there so many functions when you load the symbols? Is that all standard library stuff?

  • @undefined101
    @undefined101 9 months ago

    Question: Does the _start function really return? An application must call some api to exit itself, so probably should find _exit function or something similar? Also, I think in x64 the return value is still stored in eax, not rax, because int type is still 32bits in x64.
    Of course it is a great method and indeed works.

  • @user-fp4cw7vl3n
    @user-fp4cw7vl3n 6 months ago

    Hello, can you help with decompile already hacked software?

  • @zxcvb_bvcxz
    @zxcvb_bvcxz 3 years ago

    How much of that CRT startup code is actually needed? I know there's ways to compile without it but it seems like there's a *lot* there.

  • @zuberkariye2299
    @zuberkariye2299 3 years ago +5

    Zoom the code in a little bit; also can you do a vid on how you set up this environment for beginners? So we can follow along! Thanks

    • @MalwareTechBlog
      @MalwareTechBlog  3 years ago +10

      The environment is just a Windows system with Visual Studio + IDA Freeware installed

  • @wowowowoooww
    @wowowowoooww 3 years ago

    u can make one of those reaction vids like hacker reacts to hacking in films or hacker reacts to watchdogs, this kind of video always gets a lot of views

  • @fade8148
    @fade8148 3 years ago

    go on bro

  • @yashkanojiya9216
    @yashkanojiya9216 3 years ago

    Thxx

  • @redbox360
    @redbox360 3 years ago

    did i miss something? what if void main?

  • @onuricen2624
    @onuricen2624 3 years ago

    Noice!

  • @_daniel.w
    @_daniel.w 2 years ago

    Was trying this with 64bit and couldn't figure it out, 32Bit is a lot easier.
    I know there's a big difference between them both, I'll have to have a look

  • @BigBoss-wb4ux
    @BigBoss-wb4ux 3 months ago

    How to find gname gworld

  • @pen1051
    @pen1051 3 years ago

    mov S, D Move source to destination

  • @mdtazmir7924
    @mdtazmir7924 3 years ago

    Brother need video how to crack software

  • @daviddelille1443
    @daviddelille1443 3 years ago

    Good video. +1 on the text being too small.

  • @crack8160
    @crack8160 3 years ago

    is this malware dude from twitter ?

  • @NurdRage777
    @NurdRage777 3 years ago

    findOEP.cpp

  • @deltakid0
    @deltakid0 3 years ago

    Please, decrease your screen resolution, probably down to 800x600, since in my case I usually watch videos on my ~5.5 inch smartphone and the problem is that reading is impossible since the fonts are too small; this could probably extend to most of your audience. Thank you.

    • @MalwareTechBlog
      @MalwareTechBlog  3 years ago +1

      I can maybe do 720p, but 800x600 is way too low resolution to record at. The videos are meant to be viewed full screen on a computer so you can follow along.

    • @tyrannosaurus_x
      @tyrannosaurus_x 3 years ago

      Wouldn't just increasing DPI solve the problem?

    • @MalwareTechBlog
      @MalwareTechBlog  3 years ago +1

      A lot of software ignores the DPI settings

    • @ivankrupskyi8984
      @ivankrupskyi8984 3 years ago

      @MalwareTechBlog idk, for me on a 1920x1080 15.6-inch laptop it's perfectly fine...
      Keep going mate, you are very informative!
      Thank you!

    • @tyrannosaurus_x
      @tyrannosaurus_x 3 years ago

      @MalwareTechBlog Ah. That's a bummer.

  • @Antagon666
    @Antagon666 9 months ago

    F*ck windows. I just spent 2 hours reverse engineering the CRT entry point and some functions, because I thought it was the actual code.

  • @internetwarrior666
    @internetwarrior666 3 years ago

    Ngl I understood nothing.