Beginning RE


azfk
August 26th, 2009, 16:35
I've been trying to become knowledgeable about RE and it's difficult, and no, this isn't a post about someone teaching me, just a question whether this is the correct way to learn. I can understand tutorials but I'm not learning anything, except how to copy their moves for that specific target. I've searched on several forums on how to start properly and most answers aren't worth looking at, only a couple of productive answers:

1. Understand code...(asm, c)
2. Things like the PE Header, SEH

Well, I'm no pro at C and ASM, I can follow code in C pretty easily and ASM to some extent, except the books never teach you things like what FS:[0] is, which I found out is related to SEH today...

So I wanted to just ask where else to learn to read/follow or materials I should get, stuff like that.

(One good example is Lena151's tutorials, basic but informative I suppose. I could follow Joker_Italy and What's tutorial on reversing Themida 1.9.1 for example, but I'm stuck on Code Replace and I'm trying to search more on that.)

ty in advance

Woodmann
August 26th, 2009, 19:03
Howdy,

Good questions. I am not the best person to get answers from but I will offer my insight, limited as it is.

Anyone can follow a tutorial. I mean, it's a tutorial, it's direct and to the point.
Understanding the tutorial is a whole 'nother bucket of worms.

Taking some classes in ASM and C is a good start. If you are ambitious, you can get some books and learn on your own.

RCE has a rather large learning curve and it starts with the two things you already know. If there were a shortcut I would at least taunt you with it, but there is not one.

As long as you show an effort we can help you along.

Woodmann

azfk
August 26th, 2009, 19:32
Aww, I'm happy for your reply and all but !! I wanted something like

'thats a stupid move, you should do this'

Yeah, I find things like, I can understand what encryption is: the stub runs and takes a chunk of data and decrypts it, so static analysis is a no-no. Ok, next topic: Code Replace (say what?)

I wanted to learn and get an insight on how to progress from

Beginner (what is ASM and C) to become Intermediate (Ok sure, I can't unpack FlexLM just yet, BUT I KNOW what the protection methods ARE and not just by name and from reading a 1 sentence description I randomly found)

As for the learning curve, it seems like it's ..really...really big.

halp guys

D-Jester
August 26th, 2009, 21:50
A push to FS:[0] is called a Structured Exception Handler, or SEH for short.

Code:
push Iamnotbeingdebugged   <-- address we want to continue execution
push dword fs:[0]          <-- Install the SEH
mov  fs:[0], esp
push 1234h                 <-- (Invalid handle)
call CloseHandle           <-- This will cause an error
jmp  Iambeingdebugged      <-- If a debugger handles the error we will end up here
..
..
Iamnotbeingdebugged:       <-- If the SEH handles the error we will end up here


http://www.microsoft.com/msj/archive/S2CE.aspx
http://en.wikipedia.org/wiki/Win32_Thread_Information_Block
http://msdn2.microsoft.com/en-us/library/ms253960(VS.80).aspx

While they aren't designed for anti-debugging, they can be annoying, but they aren't really an issue if your debugger is set up correctly.

http://vx.netlux.org/lib/vlj05.html
http://www.thefengs.com/wuchang/work/courses/cs592_spring2007/Lecture10.ppt

Lots of reading out there; remember, Google is your friend.

As for the "curve" you mention, I assume you mean ECC, which comes in many flavors.

http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

Elgamal is a popular one
http://en.wikipedia.org/wiki/ElGamal_encryption

Elliptic Curve Digital Signature Algorithm being the most secure right now.
http://en.wikipedia.org/wiki/ECDSA

But there are many flavors you will run into with a PUB/PRIV these days
http://en.wikipedia.org/wiki/Public-key_cryptography

You kind of need to at least have a basic understanding of crypto on paper before you can begin to analyze it in a debugger window. I don't expect you to read and memorize these just try to get a basic understanding.

You know, just enough to get the tip of your keyboard wet
lol

Peace Man

lordpe
August 27th, 2009, 02:27
Quote:
I'm happy for your reply and all but !! I wanted something like

'thats a stupid move, you should do this'


Hi,
As we all know RCE (the best thing in the world) is not one hour away..it's a process to learn a lot..
You must ask yourself (cuz we know really what we are) one time:
What have you studied by now? and
What do you know by now..?

Believe me, if you have dedication to this ART you will definitely get into
the job..only a request: don't give up..it may really take time and in fact it does..I have been reversing since 2007, I have less time due to my studies and fewer resources, but RCE is my passion, I can't leave it, you can say I am an RCE addict
Where as question of tutorials..
Ricardo Narvaja did a great, great job and you can grasp much from his tutorials. Along with this, click the link to CrackZ's site, he has a lot of tutorials..
and most important THIS FORUM may really be a boon as many great reversers are here..

and the FS:[0] is explained nicely by D-jester..D-jester hearing or not..

At last
LEARN or NOTHING!!

D-Jester
August 27th, 2009, 05:45
Quote:
[Originally Posted by lordpe;82590]

and the FS:[0] is explained nicely by D-jester..D-jester hearing or not..



like 2am couldn't sleep, guess I read what he wrote wrong lol

azfk
August 27th, 2009, 07:35
lol, thanks for the reply guys, yeah, I've realized by now that RE is an art, as are many other fields of work, each has their own 'intricacies'.. I do like this, and I've liked this since I was younger, but didn't have the capabilities to understand programming and so couldn't handle anything more advanced.

I guess I'm more of a book person, so having books and topics to read and re-read rather than squinting at a tutorial over and over again. I want to find some resources rather than tutorials (since tutorials are skims of actual papers/articles/things like that), and the problem is, I don't know what kind of articles/papers to look for. FOR EXAMPLE: the FS:[0], during NORMAL programming when learning ASM from something like Art of Assembly, it never mentions it, so I would never think it's there, and then I see it in Olly in a packer, I google FS:[0] and get some queer answers (try it yourself). That's where my issues are, and that being one of them.

Thanks for the contributions!

BanMe
August 27th, 2009, 11:17
dig deeper and dig often..SEH_CALL by y0da, passing Parameters with SEH (CodeProject), VEH (Vectored Exception Handling), SEH Overwrites (examples abound..), SEH Interrupt Handling (+F dedication crackme by evaluator), KiUserExceptionDispatcher (can't think of any other example or research except Nynaeve's), so many fun others....

here's evaluator's way..
00406054 > $ FC CLD
00406055 . 2BD2 SUB EDX,EDX
00406057 . 64:830A FF OR DWORD PTR FS:[EDX],FFFFFFFF
0040605B . CC INT3

RCE and 'hacking' and 'learning' are lifelong dedications to understand and improve upon yourself and your own knowledge, and to apply that knowledge in new and interesting ways. But yeah, there's a lot of stuff out there: 29a, Goppit's ASM Guide to Cracking for noobs, CodeProject, EliCZ's site, and a nearly endless supply of new and updated sites daily..So if this all seems like too much, it really is..but don't be daunted or listen to the people that tell you "why bother doing 'research' when you don't know what your end goal is.." let your answer to yourself be 'knowledge is power' and to them I would say 'you are not me, are you?'

BanMe
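Since the thread keeps coming back to FS:[0], here is an added Python example (not from the thread or any of its posters) that scans a code blob for the FS-prefixed instructions seen in D-Jester's listing and in evaluator's listing above, and reports which of them write the SEH chain head; the sample bytes are constructed from those two listings with dummy addresses, and the handful of decoded opcodes is an assumption of this example, not a general disassembler.

```python
REGS32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def _decode_fs_op(code, i):
    """Decode the FS-prefixed instruction at code[i] (code[i] == 0x64) for the few
    opcodes used to touch the SEH chain; returns (length, text, 'read'|'write')."""
    op, modrm = code[i + 1], code[i + 2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if op not in (0xFF, 0x8F, 0x89, 0x8B, 0x83) or mod != 0 or rm == 4:
        return None                              # only [disp32] and [reg] forms, no SIB
    if rm == 5:                                  # mod=00 rm=101 encodes [disp32]
        mem, n = f"FS:[{int.from_bytes(code[i + 3:i + 7], 'little'):X}]", 7
    else:
        mem, n = f"FS:[{REGS32[rm]}]", 3         # e.g. FS:[EDX] after SUB EDX,EDX
    if i + n > len(code):
        return None
    if op == 0xFF and reg == 6:
        return n, f"PUSH DWORD PTR {mem}", "read"
    if op == 0x8F and reg == 0:
        return n, f"POP DWORD PTR {mem}", "write"
    if op == 0x89:
        return n, f"MOV DWORD PTR {mem},{REGS32[reg]}", "write"
    if op == 0x8B:
        return n, f"MOV {REGS32[reg]},DWORD PTR {mem}", "read"
    if op == 0x83 and reg == 1 and i + n < len(code):
        imm = code[i + n]                        # imm8, sign-extended to 32 bits
        imm = (imm - 0x100 if imm & 0x80 else imm) & 0xFFFFFFFF
        return n + 1, f"OR DWORD PTR {mem},{imm:X}", "write"
    return None

def find_seh_frame_ops(code):
    """Linear sweep for FS-segment accesses -> [(offset, text, kind)].
    Keying on stray 0x64 bytes can misfire on data, so treat hits as leads."""
    hits, i = [], 0
    while i + 2 < len(code):
        dec = _decode_fs_op(code, i) if code[i] == 0x64 else None
        if dec:
            hits.append((i, dec[1], dec[2]))
            i += dec[0]
        else:
            i += 1
    return hits

def installs_seh_frame(code):
    """True when the blob writes the chain head at FS:[0] (directly or via a register)."""
    return any(kind == "write" for _, _, kind in find_seh_frame_ops(code))

# Constructed bytes for the two listings quoted in the thread (addresses are dummies):
# push 401000h / push dword fs:[0] / mov fs:[0],esp / push 1234h / call rel32,
# then CLD / SUB EDX,EDX / OR DWORD PTR FS:[EDX],FFFFFFFF / INT3
SAMPLE_STUB = bytes.fromhex(
    "6800104000" "64FF3500000000" "64892500000000" "6834120000" "E800000000"
    "FC" "2BD2" "64830AFF" "CC")
```

Running `find_seh_frame_ops(SAMPLE_STUB)` yields the `push fs:[0]` read at offset 5, the `mov fs:[0],esp` write at offset 12 and evaluator's `OR DWORD PTR FS:[EDX],FFFFFFFF` write at offset 32, so `installs_seh_frame` is True for the blob.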

usernombre
August 29th, 2009, 10:11
I read and followed hundreds of tutorials to get started. I just found it fascinating and could spend hours going over this stuff. But I didn't really learn much until I chose my own targets and worked through them myself. I like to find a good tutorial, then get a different version of the same program and see if I can duplicate the process on a (slightly) different target. Other than that, pick your own targets and just tear into them. That way you find out what you need to learn and how to use that knowledge. You pick up little bits at a time on all sorts of random subjects. I can read any number of tutorials on a given topic, but if I never put that info to use for myself, it doesn't stick in my brain. I have to make up my own problems, then figure out how to solve them.

APACHE
August 29th, 2009, 10:32
Quote:
[Originally Posted by usernombre;82629]
I can read any number of tutorials on a given topic, but if I never put that info to use for myself, it doesn't stick in my brain. I have to make up my own problems, then figure out how to solve them.


Yeah I agree dude..!! azfk, you should remember PRACTICE MAKES MAN PERFECT, why don't you try your hand at easy crackmes on crackmes.de...

BanMe
August 29th, 2009, 11:34
UserNombre: That is probably the best worded description of how to start 'anything' that I have ever read. Attack learning about 'it' with passion, and practice what you learn about 'it'. I am drunk on medicine right now..but that's inspirational..lol :d

BanMe