Reverse engineering

Handling Memory in Protected Mode

Introduction. In the past, systems such as MSDOS used the real mode, and it had no protections against accessing any memory address. Programs then were able t

Translating virtual to physical address on Windows: physical addresses

Getting the physical address manually. So far we've figured that the virtual address is the same as linear address, so in the next part of the article we can

Translating Virtual to Physical Address on Windows: Segmentation

Introduction. In this tutorial, we'll go over the process of translating a virtual address to physical address the way a processor does it. To begin, let's p

Anti-memory dumping techniques

The term "Memory Dumping" in reverse-engineering is essentially a process of taking a snapshot of the executable. Taking a snapshot means capturing the st

Logging Keystrokes with MSDOS: Part 1

Introduction. In the previous article, we saw how we can compile the source code to a 16-bit binary executable, create an iso image with the executable stored

The IA-32 Real Mode and Interrupts

Introduction. We all know that the IA-32 processors have two modes of operation: real mode and protected mode. But why would we want to talk about real mode?

MSDOS and the Interrupt Vector Table (IVT)

Introduction. Upon booting up MSDOS, we can observe the memory using the "mem /d /p" command, which will show us exactly which part of memory is used by th

Memory Models

Memory. We know about user mode and kernel mode, and how programs in user mode can only use the memory from 0x00000000 to 0x7FFFFFFF, while the system uses th

Introduction to Kernel Debugging

Introduction. Before trying to debug the kernel, we must first understand a few things. We must know what the Rings in computer security are. Let's take a lo

Reverse Engineering If Statements

Introduction. Summary: In this article, we'll present a simple program that uses 'if' statements and then we'll try to reverse engineer the compiled version o