intro/advice needed on where to start...


Ish
October 29th, 2010, 22:48
Hey, my name is Ish, I'm interested in reverse engineering for curiosity's sake and exploit discovery and development and/or malware analysis. I don't like cook book style learning so I'd like to have a very thorough knowledge about how processors work, which kind of suggests more of a computer science background. That's totally fine with me, because I'll read the veteran posters' responses to questions and I feel like I've learned ten new things every sentence and I'd love to be that smart some day. So I've done a little bit of digging around online, Barnes & Noble, Borders, Amazon, etc... and I've come up with some books that might help explain things to me so I can open IDA or Olly and look at simple 'hello, world' style programs and watch the program execute and say "oh, ok, so that's what they mean".
Books like Jones and Bartlett's Introduction to 80x86 Assembly Language and Computer Architecture, Jones and Bartlett's The Fundamentals of Computer Architecture and Organization or Computer Architecture - A Quantitative Approach to explain HOW a processor processes the code that it does and how code works, stack, heap, different parts of the assembly program. Mostly just to shed some light on the little mysteries of processors.
Then for actually learning assembly, I have The Art of Assembly Language by Randall Hyde. I've looked through that, I don't think I'll need much else really, there's a lot there. And then The IDA Pro Book for IDA when I've gotten to the point that I can utilize it.
So I was hoping for your thoughts on the books, does it sound like I'm on the right track for what I want to do or should I look into different books? Do the books that I found even cover what I need to learn? I hope I didn't confuse anyone. If I did, let me know and I'll try to clarify. Thanks for any advice/flames in advance.

~Ish

P.S.
Looked around the forums for similar advice requests, I found people mostly looking for hand holding so I wasn't able to find much in the way of an answer for me. Does the above sound like hand holding? Crap, now I'm paranoid!

Aimless
October 30th, 2010, 09:28
If you have *really* gone through Randall Hyde's Assembly Language book, then your cause is already lost.

This *HAS* to be the crappiest Assembly book ever (of course, a PERSONAL opinion). It is not a book on Assembly Language. It is a book on Randall Hyde's interpretation and modification of the Assembly Language. Most of his students, after taking his courses, are completely at sea when it comes to real life Assembly.

My suggestion?

Download Intel manuals and pile them on. And then try debugging simple applications released years ago (WinZip 5-6 and mIRC 4-5 versions are quite good). Of course, using IDA (or Olly, which I personally don't use -- just aesthetics, not a reflection on its capabilities).

Alternatively, going through the tuts of +ORC (How to Crack) and using a disassembler instead of a debugger is also OK. His essays will set a good foundation for you.

Personally, IDA Pro and its inbuilt debugger (or windbg from microsoft - *quite* a powerful debugger) is ok.

Of course, as you rightly mentioned, there is no *ONE* way on this road. Apart from reading and trying out a lot, my one piece of advice is: as far as possible, DON'T give up.

Barry B. Brey's "The Intel Microprocessors", Eighth Edition. It's good.

Best of Luck

Have Phun

Ish
October 30th, 2010, 09:48
Hey, thanks for the reply. I've just scanned through Art of Assembly, I haven't read the whole thing. It looked like he made a bunch of macros and wrote a parser to turn it into NASM syntax (which I've read is Intel?) and then used NASM to translate into machine code to make it less intimidating to use assembly. I haven't actually started reading it because it seems like there's more that I need to know to use assembly, like how the x86 architecture works. I'm reading the Intro to 80x86 Assembly and Architecture right now, and there are some other books I know of that seem to cover similar topics. I'll check out The Intel Microprocessors as well. Thanks again.
~Ish

manojdjoshi
October 30th, 2010, 12:47
If you are new to reverse engineering one of the most popular series which introduces you to the subject and commonly used tools is Lena's Reversing for Newbies. You can find the entire index of the series below with download links.

Index:

01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. "The plain stupid patching method", searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly's "pane window"
12. Guiding a program by multiple patching.
13. The use of API's in software, avoiding doublechecking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors : an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime & unpacking armadillo standard protection
26. Machine specific loaders, unpacking & debugging armadillo
27. tElock + advanced patching
28. Bypassing & killing server checks
29. Killing & inlining a more difficult server check
30. SFX, Run Trace & more advanced string searching
31. Delphi in Olly & DeDe
32. Author tricks, HIEW & approaches in inline patching
33. The FPU, integrity checks & loader versus patcher
34. Reversing techniques in packed software & a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning
37. In-depth unpacking & anti-anti-debugging a combination packer / protector
38. Unpacking continued & debugger detection by DLL's and TLS
39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2
40. Obfuscation and algorithm hiding

Download Links:

http://tuts4you.com/download.php?list.17

But tutorials don't explain assembly code well enough for real newbies. So, if you are just starting to learn reversing it would be better to learn the basics of assembly code first - what it is and how it lets you reverse (to learn registers and how the software accesses memory, what binary actually means to the reverser and how to translate that into hexadecimal, etc.).

digdugg
October 30th, 2010, 13:25
Find a programmer's reference on the web for ASM to look up and reference any instructions that confuse you. Opcodes.hlp, which comes with MASM, is another one that is helpful.

Ish
November 1st, 2010, 11:29
Thanks for the suggestions, everyone. I really appreciate the help.

Maximus
November 1st, 2010, 12:21
OMG, STOP reading Hyde's book NOW.

The *only* very good part of it is the machine description, which is very well made.
The assembler would be too, but HLA is of no use for RCE. It is good for basic teaching at university courses where RCE has *no* part, however.

Go through this:
http://www.drpaulcarter.com/pcasm/

Then google for Iczelion's tutorial, grab MASM + the RadASM IDE and start writing your first small apps in asm.

If you spend even 2-3 weeks doing this, you will start with a much stronger background when approaching RCE and you will 'fly' through crackme.de challenges.

Ish
November 3rd, 2010, 13:07
Cool, thanks for the advice. I'll check out pcasm and I'll have to check out Iczelion's tutorial. It keeps coming up so I'll definitely have to check it out. Thanks again.

WaxfordSqueers
November 9th, 2010, 03:14
Quote (originally posted by Ish): I have The Art of Assembly Language by Randall Hyde.

I agree with the other guys who suggested this is not a good book on assembler. I also agree that the best approach is to download the free Intel manuals on the Intel CPU. They will explain very clearly how a processor works and how machine language and assembler work on it.

Iczelion is good and the old +ORC tutes are good, although you may have difficulty finding the old apps he used as examples, and running them.

The mistake Hyde made in his book was writing it for idiots. There has been a tendency over the last 30 years in universities to treat students as dumb machines who cannot exist without the professor. So, they are spoon-fed any old pap the prof thinks gets the message through.

Along the way, you might decide to learn the C language. That leads to the C++ language. If you try to read a book on C++ by an average teacher, you will become thoroughly confused. However, if you read the book by the guy who developed C++, Bjarne Stroustrup, it makes perfect sense.

WHY?? People who write on C++ were reared in object-oriented atmospheres, and they learned obfuscated concepts, which they cannot explain. Stroustrup wrote the obfuscation and he knows how it works. He also explains why.

It's very important in the beginning that you learn how to relate languages to the processor, rather than learning a language that obfuscates the processor and hardware. Intel built the processors and did it to run machine language. Assembler is the next highest language along the line and Intel explains the relationship between the processor, machine language and assembler. On the other hand, Hyde thoroughly obfuscates it.

Whereas the Intel CPU architecture can become very complex, you don't need much to get started. You may have to do a lot of reading, however, to get to a simple level.
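As an added example (it is not from any of the posts in this thread), here is the kind of first small program that manojdjoshi's and Maximus's advice above points at, and it also shows concretely what the post above means by the relationship between machine language and assembler: a 'hello, world' in NASM's Intel syntax for 32-bit Linux, which assumes nasm and GNU ld are installed. The bytes in the comments are what nasm emits for each instruction, so a reader can line the mnemonics up against the hex a disassembler shows.

```nasm
; hello.asm - 32-bit Linux, NASM (Intel syntax).
; Build and run (assumes nasm and GNU ld):
;   nasm -f elf32 hello.asm
;   ld -m elf_i386 -o hello hello.o
;   ./hello
;
; System calls on 32-bit Linux: the call number goes in EAX,
; arguments in EBX, ECX, EDX, and "int 0x80" enters the kernel.

section .data
    msg db "Hello, world!", 10     ; the text plus a newline (10 = '\n')
    len equ $ - msg                ; length = current address minus start of msg (14 bytes)

section .text
global _start                      ; the linker needs the entry point exported

_start:
    mov eax, 4        ; sys_write                -> bytes B8 04 00 00 00
    mov ebx, 1        ; fd 1 = stdout            -> bytes BB 01 00 00 00
    mov ecx, msg      ; pointer to the buffer    -> bytes B9 + 4-byte address (filled in by the linker)
    mov edx, len      ; number of bytes to write -> bytes BA 0E 00 00 00
    int 0x80          ; call the kernel          -> bytes CD 80

    mov eax, 1        ; sys_exit                 -> bytes B8 01 00 00 00
    xor ebx, ebx      ; exit status 0            -> bytes 31 DB
    int 0x80          ; call the kernel          -> bytes CD 80
```

Assembling it and then running `objdump -d -M intel hello` shows exactly those byte sequences next to the mnemonics, which is the "binary to hexadecimal" step manojdjoshi mentions: the processor only ever sees the bytes on the right, and the assembler is just a one-to-one translator from the text on the left. Loading the same binary in a debugger and single-stepping over each `int 0x80` makes the register convention visible in the same way.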

Ish
November 11th, 2010, 12:27
I've found some better books on assembly: Introduction to 80x86 Assembly Language and Computer Architecture and the Intel 64 and IA-32 Architectures Software Developer's Manuals 1, 2A, 2B, 3A, 3B (are these the correct manuals? http://www.intel.com/products/processor/manuals/ ).
I do know a little C and have a good book on it that I'm going to finish reading through.

Obfuscation == bad.

Right on, thanks again for the advice.

babar0ga
November 16th, 2010, 06:56
Hi,

You can get hard copies of the Intel manuals by ordering them here:
http://www.intel.com/design/literature.htm

Everything is free.

Regards

Ish
November 16th, 2010, 11:01
Hey, thanks for the link, I'll check that out.
~Ish

υπόγειος
November 19th, 2010, 18:48
Coincidentally, I am starting out with assembly right now as well. My interest is in Linux, but even if you focus completely on Windows and MASM, you can find some potentially useful links from asmdotsourceforgedotorg, having both links to examples of simple assembly programs and book references. The software for the +ORC tutorials can still all be found from goggle$. Also at goggle$: [+nasm +examples +ray] and [+site:ibm.com +linux +gas +nasm] plus an old Red Hat page with "i386-syntax" in its URL, still available in the archive, could be useful; the last two mainly for Linux.

Woodmann
November 20th, 2010, 00:03
Coincidentally,

Do you think you could provide a non-l3370 link?

Woodmann

υπόγειος
November 20th, 2010, 06:49
Sorry, I don't know what l3370 means. But from the semi-grumpy tone, I assume you are not happy about my linking skills ;o) Maybe I took the "no direct linking" in the FAQ too far, apologies. Here is a longer list to make amends.

Tutorials:
http://win32assembly.online.fr/
http://en.wikibooks.org/wiki/X86_Assembly
http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
http://asm.sourceforge.net/resources.html#tutorials (Linux)
http://patater.com/gbaguy/x86asm.htm (16-bit)
http://web.archive.org/web/20080502141828/http://www.xs4all.nl/~smit/asm01001.htm (16-bit)

Books/Manuals:
http://www.intel.com/products/processor/manuals/
http://www.drpaulcarter.com/pcasm/
http://savannah.nongnu.org/projects/pgubook/
http://kipirvine.com/asm/ (MASM)

Assemblers:
http://www.nasm.us/
http://flatassembler.net/
http://info.borland.com/borlandcpp/cppcomp/tasmfact.html
http://www.gnu.org/software/binutils/

Disassemblers:
http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers

Instruction set:
http://ref.x86asm.net/

Fora:
http://www.masm32.com/board/?
http://board.flatassembler.net/
http://www.asmcommunity.net/board/
http://groups.google.com/group/comp.lang.asm.x86/topics

Ciao,

υπόγειος

JMI
November 20th, 2010, 12:46
We have never had a problem with "direct links" to non-commercial programs, particularly tools and articles on reversing.

It's links to commercial programs and/or "cracks" for commercial programs that have the makers of such programs raising complaints with our service provider and causing us problems. We've had to move our server more than once over such issues.

That's why we are cautious about such things.

Woody, however, was commenting on the unnecessarily cumbersome style of your links.

Regards,

Woodmann
November 20th, 2010, 21:35
Ya, what he ^^^ said.

Woodmann

WaxfordSqueers
November 23rd, 2010, 11:22
Quote (originally posted by υπόγειος): Disassemblers:
http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers
This wiki link seems old and fairly confused. It fails to distinguish between a disassembler and a debugger.

With reference to disassemblers, it lists W32Dasm, a good disassembler in its day to people who were only learning about IDA. Why it is listed in this article is beyond me.

OllyDbg is listed as a free disassembler, along with the free IDA 3.7. While Olly does disassembly, it is actually a debugger, a program that interacts with an app in real time. The author does not seem to be aware of SoftICE, a debugger that allows access to ring 0 code, or the free WinDbg from Micro$oft, which does the same. Of course, Olly is free and everyone paid big bucks for SoftICE.

SoftICE preceded Olly by quite a bit and is still preferable to some people, although it is limited to XP systems, till someone gets desperate for a Vista/Win7 debugger that works at ring 0, and mods SoftICE to work there.

υπόγειος
November 25th, 2010, 10:09
It got too tedious to write individual links to those tools, so I just referenced the wiki when I found from goggle$ that it had links to several Linux disassemblers. I am even considering putting Windows on an old machine just because the amount of tutorials and exercises on Linux RE seems to be negligible compared to stuff on RE in Windows, which has tons.

Others:
No free version of IDA for Linux, unlike for Windows.

Many useful pointers into http://www.reverse-engineering.net/, but site is down.

File format reversing and stripped binaries gives me headaches for now!

I need to learn Italian and Russian.

I am afraid this stuff is addictive.

Ish
November 26th, 2010, 14:33
One last question; do I need to learn about computer science before I start writing assembly language and reversing? I want to learn it anyway because I think it's interesting but do I HAVE to have it before I learn asm? Thanks again.

Ish
November 26th, 2010, 15:03
Quote (originally posted by υπόγειος):
Many useful pointers into http://www.reverse-engineering.net/, but site is down.

I really like that site! Anyone know where that ran off to? Thanks.