Results 1 to 7 of 7

Thread: Reverse Engineering Libraries

  1. #1
    tabacky
    Guest

    Reverse Engineering Libraries

    How would you Reverse Engineer a programs global varible's Name and the structs Name and the struct's varibles Names?

    From what i understand the compiler doesnt add this information to the exe or dll. So how is it some people are reverse engineering libraries and obtaining this information?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    g3nuin3
    Guest
    Im gonna go on a limb here and say you are referring to librarys that export their functions.. IF thats the case then yes it is possible.. see when a programmer codes a dll and exports the functions ( this is done by explicitly telling the compiler to do so).. One can find these exported function names in whats called the Export Address table.. its something similar to the Import Address of Table, but contains, the exported functions, which are usually because an exe uses the functions from them.. Windows system dll's export theire functions as well, this is how we can also manipulate them if im correct.. Now to reverse all you need is an understanding of the asssembly language, and how local variables are accessed ( EBP - hexvalue) and can also determine its arguments (EBP+ hexvalue. usually +8h or higher.. assuming a normal stack frame) the rest is really just up to skill and understanding of what youre reversing.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Unless they're exports, the names are usually not occurred in the binary. However some leave the debugging information in, which IDA can utilise.

    Structure accesses are usually done with a LEA to get the address of the structure itself, and the access proper is usually a [esi + xxxxxxxx] or [edi + xxxxxxxx] depending on the compiler.

  4. #4
    tabacky
    Guest
    i guess i didnt make myself very clear... i know all about the IAT and EAT i have made a rather complex hooking engine ... what im geting at is (global vars) its just an address pointer in the disasm. is the original name stored somewhere in the file that i dont know about...

    In other words

    global int int_global;

    global struct struct_global
    {
    int struct_global_int;
    string struct_global_string;
    }

    in the disasm int_global is at an address which points to the data (0x0000000) and at the pointed address is the value... right?

    but where in the compiled file is int_global?

    also im refering to a visual c++ compiler...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Will not occur unless file has been compiled with debugging information enabled. In which case, IDA will be able to identify and use it.

  6. #6
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by tabacky
    is the original name stored somewhere in the file that i dont know about
    No; the compiler removes the name.

  7. #7
    If it's not exported, the ascii name is obviously removed.

    It's worth noteing that it's possible that when reversing the DLL, the same name as the original will be given to the structure or globals, within reason. It's not actually important that the names match identically, but I prefer to believe I give names at least as good as the orriginal coder did, if not better.

    In IDA, and even to a limited extent Olly, I find myself giving the functions, globals, structures, and classes very readable names, and it is likely that on occasion the original program had some of those same names. I like readable code, and I can't help but believe I'm not alone.

    I should qualify that I usually only put in a lot of effort when truely reversing, vs. just taking out a protection. But I'm fairly certain the resulting C or C++ is nearly identical to the original, but probably much better commented...

Similar Threads

  1. Reverse Engineering Hardware?
    By PimpDawg in forum Advanced Reversing and Programming
    Replies: 17
    Last Post: July 29th, 2010, 09:45
  2. CSI x Reverse Engineering
    By funtikar in forum Off Topic
    Replies: 24
    Last Post: September 8th, 2009, 22:59
  3. Reddit Reverse Engineering
    By Kayaker in forum Off Topic
    Replies: 6
    Last Post: August 5th, 2009, 08:22
  4. VB Reverse Engineering
    By asifpervez in forum The Newbie Forum
    Replies: 6
    Last Post: July 23rd, 2008, 00:13
  5. Reverse Engineering C++ DLL
    By tabacky in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: June 6th, 2005, 15:44

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •