[?-HELP] Reverse enginering

[0E 800]

Try to get hands on this book:

Here:
https://evilzone.org/ebooks/practical-reverse-engineering/msg78110/#msg78110

Here is a torrent link for a bundle of RE books:
https://kat.cr/reverse-engineering-ebook-pack-t8894299.html

- Art of Assembly Language, The - Hyde, Randall - Assembly Language Step-by-Step_ Programming with Linux - Duntemann, Jeff - Bug Hunter's Diary, A - Tobias Klein - Gray Hat Python_ Python Programming for Hackers and Reverse Engineers - Seitz, Justin - Guide to Kernel Exploitation_ Attacking the Core, A - Perla, Enrico & Oldani, Massimiliano - Hacking_ The Art of Exploitation_ The Art of Exploitation - Erickson, Jon - IDA Pro Book_ The Unofficial Guide to the World's Most Popular Disassembler, The - Eagle, Chris - Linux Malware Incident Response_ A Practitioner's Guide ile Data - Cameron Malin & Eoghan Casey & James Aquilina - Malware Forensics Field Guide for Windows Syst Field Guides - Casey, Eoghan;Malin, Cameron H - Practical Malware Analysis_ The Hands-On Guide to Dissecting Malicious Software - Sikorski, Michael & Honig, Andrew - Practical Reverse Engineering_ x86, x64, ARM, Windows Kernel, Rev Obfuscation - Dang, Bruce & Gazet, Alexandre & Bachaalany, Elias - Reversing_ Secrets of Reverse Engineering - Eilam, Eldad

[matt_9908]

LegendofRandom's tutorials were great too, but his site has been down for weeks. I don't think this will change.

I have downloaded his tutorials a few moths ago. You can get them in the attachment.

[xLuckySzx]

Thank you again for being really friendly and helpful. I think now I have enough books to study, I will read as much as possible.

[Deque]

Thank you again for being really friendly and helpful. I think now I have enough books to study, I will read as much as possible.

You will have most success in learning RE if you concentrate on a few sources only and exercise a lot.
Lena's (or Random's) tutorials are great, if you actually do yourself what they teach you and not just consume.
They are enough fooder for a few months (at least weeks, if you have lots of time) of learning.

[gray]

Lena's tutorials are awesome, that's what I'm going through at the moment and I can say I've learned a ton. They are a great example of what you can learn by doing instead of reading ( not that reading is bad, but in my case, I've had best results with practical learning).

You can find Random's tutorials along with other guides and tutorials here: http://octopuslabs.io/legend/blog/sample-page.html

Tiga's video tutorials on Ida is also a good series: http://www.woodmann.com/TiGa/idaseries.html

[xLuckySzx]

I have a little problem with the first ReverseMe, When I start it in OllyDbg it says: Cannot find the entry point SendDlgitemMessageW the procedure in the dynamic link library C : \ Windows \ System32 \ ole32.dll

[gray]

I didn't run into your problem, but I recommend you use Win XP for these tutorials, I started on Win 7 but then switched to XP when some programs wouldn't work properly on 7. 

[novaccainne]

Hi , I think there are a lot of good books are published on the internet but I think you should start it with Lena's reverse enginnering tutorial because it shows you the power of reverse enginnering and of course the basics of reverse engineering.  You can download it from tuts4u. It is a very good primer for everyone

A lot of good articles can be found on  infosec resources : http://resources.infosecinstitute.com/category/reverse-engineering-2/ .

Tuts4u is also a good site : https://tuts4you.com/download.php

RCE forum is also a good site : http://www.woodmann.com/forum/content.php

[novaccainne]

I have a little problem with the first ReverseMe, When I start it in OllyDbg it says: Cannot find the entry point SendDlgitemMessageW the procedure in the dynamic link library C : \ Windows \ System32 \ ole32.dll

You may got the above exception message because it might be there is no entry point of the SendDlgitemMessageW procedure. Did you check it ? Have you fully watched the video ? 

[Trevor]

I have a little problem with the first ReverseMe, When I start it in OllyDbg it says: Cannot find the entry point SendDlgitemMessageW the procedure in the dynamic link library C : \ Windows \ System32 \ ole32.dll

Ollydbg is correct. SendDlgItemMessageW  is in user32.dll and NOT IN ole32.dll.
Check in MSDN https://msdn.microsoft.com/en-us/library/windows/desktop/ms645515(v=vs.85).aspx

The most probable reason for the error is you are using a newer version of Windows. My guess is Windows 10.

You need to use Windows XP 32bit. I would recommend using a VM if you are not already doing so.

[parad0x]

You need to use Windows XP 32bit. I would recommend using a VM if you are not already doing so.

Use SP2 or SP3, not SP1

[cupcake]

I recommend studying code patterns and what they are translated into assembly. Then you can try tackling some crackmes.

[multi168]

I recommend studying code patterns and what they are translated into assembly. Then you can try tackling some crackmes.

As a beginner you can also start a bit  more high-level with practicing reverse engineering. Decompiling a dotnet or java application for example.

For dotnet you can use ILSpy for example and decompile to C# and MSIL (MSIL is more or less the assembler code of a virtually emulated dotnet CPU). Studying the difference between code you wrote yourself, the reversed/decompiled C# version and the MSIL version can give you a good start in understanding code patterns and how they would look when you reverse engineer them in a low level language.