YOU Have Found MAMMON_
Remember back when HTML was a Markup Language used to link keywords to actual information without the constant bombardment of multimedia distractions that lend readily to the adoption of a channel-surfing as opposed to a knowledge-seeking attitude? When browsing implied a specific goal, an area of knowledge that needed illumination? Perhaps you do not...





Mammon (ma'mun) n. The god of this world. The word in Syriac means riches. (See Milton: Paradise Lost, bk. i. 678.) His speech in the council is book ii. 229, etc. Brewer's Dictionary of Phrase and Fable



New: Reslib.idc mod 12.27 | PE File Format started 1.04



Intents & Purposes

This page has been set up primarily as a resource for the "bete noir" of programming, Reverse Engineering. In essence, Reverse Engineering appears deceptively simple: to regain the original source code from a compiled, functional executable file should be fairly straightforward. Right?

Wrong. The Intel x86 instruction set is very complex, and contains a lot of redundancies. The complexity results mostly from Intel's memory addressing scheme, in which the offsets referred to by the programmer can reside in any number of 64K (64 thousand, not 64 Kilobyte) segments; in addition, there is no standard sequence for interleaving data and actual code in a program, so a disassembler must make multiple passes over the program to determine what is actual code and what is, in fact, data. The redundancy inherent in the x86 instruction set is due to machine-code instructions that have multiple mnemonics in order to make the assembly language somewhat more intuitive for the programmer; as a quick example, the instructions JZ (Jump If Zero) and JE (Jump If Equal) both translate to Jump If Zero Flag Is Set (or Jmp ZF=1), which translates to 74 hex in machine code... yet the clarity of the surrounding code will depend on whether the instruction is testing the result of an equality test or a "zero-ing" test.
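An added example, not part of the original page, showing both points in C: one opcode byte mapping to several mnemonics, and a control-flow pass that separates code from data embedded in it. The names jcc_names, trace and count_data_bytes, the toy decoder (NOP, RET, short JMP, register XOR and short Jcc only) and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Both assembler spellings of each short conditional jump, opcodes 0x70-0x7F. */
static const char *JCC[16] = {
    "JO", "JNO", "JB/JC/JNAE", "JAE/JNB/JNC", "JE/JZ", "JNE/JNZ", "JBE/JNA", "JA/JNBE",
    "JS", "JNS", "JP/JPE", "JNP/JPO", "JL/JNGE", "JGE/JNL", "JLE/JNG", "JG/JNLE" };

/* Constructed sample: two data bytes sit between the first jump and its target. */
static const unsigned char SAMPLE[] = {
    0xEB, 0x02,        /* 0: JMP short -> 4               */
    0x74, 0x90,        /* 2: data that looks like a JZ    */
    0x31, 0xC0,        /* 4: XOR EAX,EAX                  */
    0x74, 0x01,        /* 6: JE/JZ -> 9                   */
    0x90, 0xC3 };      /* 8: NOP   9: RET                 */

const char *jcc_names(unsigned char op) {
    return (op >= 0x70 && op <= 0x7F) ? JCC[op & 0x0F] : NULL;
}

/* Follow control flow from `at`, marking each instruction byte reached in map[]. */
static void trace(const unsigned char *b, int n, int at, char *map) {
    while (at >= 0 && at < n && !map[at]) {
        unsigned char op = b[at];
        int len = (op == 0x90 || op == 0xC3) ? 1      /* toy decoder: NOP, RET, */
                : (op == 0xEB || op == 0x31 || jcc_names(op)) ? 2 : 0; /* JMP, XOR r,r, Jcc */
        if (len == 0 || at + len > n) return;         /* unknown opcode or truncated */
        memset(map + at, 1, (size_t)len);
        if (op == 0xC3) return;                       /* RET ends this path */
        if (op == 0xEB || jcc_names(op)) {
            trace(b, n, at + len + (signed char)b[at + 1], map);  /* branch target */
            if (op == 0xEB) return;                   /* JMP never falls through */
        }
        at += len;
    }
}

/* Number of bytes no path reached: the bytes a disassembler should treat as data. */
int count_data_bytes(const unsigned char *b, int n, char *map) {
    int i, data = 0;
    memset(map, 0, (size_t)n);
    trace(b, n, 0, map);
    for (i = 0; i < n; i++) data += !map[i];
    return data;
}

int main(void) {
    char map[sizeof SAMPLE];
    printf("0x74 = %s, data bytes = %d\n", jcc_names(0x74), count_data_bytes(SAMPLE, (int)sizeof SAMPLE, map));
    return 0;
}
```

A straight top-to-bottom decode of the same bytes would read offset 2 as a conditional jump; following the branches instead leaves offsets 2 and 3 unmarked.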

So what exactly is required in order to properly Reverse Engineer?

1) Time. And lots of it. I know this because I have none....
2) An intimate knowledge of assembly language (ASM), and a general familiarity with high-level languages such as C/C++, Pascal, Visual Basic (well, some people call it a language), and generally any language that the target program might have been written in (Java, Perl, Fortran).
3) Books. The amount of reference material you need, either on- or off-line, is staggering: an Op-codes listing (a listing of the assembler mnemonics and their hexadecimal machine-code equivalents), a list of OS and BIOS services, hardware and programming documentation of APIs, port numbers, etc.
4) Tools. The more tools you have, the less reference material you are likely to need. Good software tools (such as disassemblers, resource editors, etc.) pull information from the executable itself and will save you a ton of research.
5) Perseverance. If you have excellent concentration and a bulldog-like determination, Reverse Engineering is the sport for you.

Is it wrong? Like so many other things in life, it depends on what you do with it. There is nothing wrong with Reverse Engineering a program out of curiosity to see how it works; it is considered wrong to steal code gained by Reverse Engineering a product, and the art of "cracking" programs by Reverse-Engineering their protection schemes often brings cries of "software piracy". Most companies--given the chance--will not allow you to Reverse Engineer their products even if you are a registered owner; the code of the product, while lying visible for anyone with Debug.exe to read, is considered a trade secret. What it all boils down to is something that must be viewed rationally and with great practicality: with the popularity of the Internet, Knowledge (or software or code) is Free. Whether or not you make your knowledge/code/software available to the Internet, it will end up there, and someone will reverse-engineer it if it is interesting, someone will crack it if it is protected, and someone else will inevitably get a free ride. The best you can do is either to a) throw on the heaviest protection scheme you can afford and charge enough so that the purchases of the people who can't crack your program will cover your losses, or b) provide the source code with the program and ask for donations. You will find that most of the software developers who choose to profit from their trade will follow one of these two courses.

Once again, is it wrong? In my view, no. If you have the wit and will to draw the source code from a 4 MB executable, then you deserve the routines that lie therein. If you can go one-on-one with a protection scheme and crack the program, you've won: it's yours. This is mostly a practical attitude: short of monitoring every PC in the world, you cannot stop a person from cracking or Reverse Engineering a product, so you might as well not exhaust yourself trying to prevent it. It would be nice if only those who were able could benefit from cracks, i.e. if they were only available within the "cracking community" (which, to some extent, they are), but the nature of the medium prevents that; any user can type Winword Crack on their search engine and pull up results.



Reverse Engineering

Reverse Engineering is the art of arts, as far as computers are concerned. When you can pull apart a commercial application to learn its secrets, or single-step through the boot sequence of an OS to steal its innermost secrets, then you have power over your computer. Until that point you are just another user subject to the whim and caprice of your machine, separated from the knowledge of its operation by a shroud of mysticism that clouds your eyes and your judgement.

Some of the best tutorials on the web are available from this mirror of Fravia's +ORC and +HCU pages.

  • Getting Started
  • PE File Format NEW
  • Soft-Ice Basics
  • Disassemblers
  • Projects
  • Forum

    The following links may prove useful to those interested in Reverse-Engineering and other hard-core PC ventures:

  • Decompiling Page
  • Decompiling Publications (DCC)
  • Interrupt List (Ralph Brown)
  • Reverse Engineering Group (Georgia Tech)
  • Soft-Ice Manual (APC)
  • Win32 SDK Help (APC)

    Assembly Language

    I have come across a number of assembly language tutorials on the Web--more, in fact, than I have books or manuals. What I have noticed about ASM tutorials is that they seem to be either very basic (what registers and services are, what the basic commands are, etc.) or very specialized (games/graphics programming, virus writing, etc.). What I hope to provide on this page--though I am by no means an ASM master--is a practical introduction to ASM programming, with explanations of full programs as opposed to the "snippets" I come across so often.

  • Foundations of Assembly Language (started)
  • Writing Programs in Assembly (inactive)
  • Commented Source Code (inactive)

    The following links may help the ASM aspirant on his quest for knowledge:

  • Assembly Language Tutorial
  • Intel Opcodes Listing
  • Revolutionary Guide to Assembly (Source Code)
  • Master Class Assembly (Source Code)

    System Utilities

    Every "engineer" needs tools. Over the course of my time spent with PCs I have come across many good tools: some interesting, some useful, some indispensable. There are so many, in fact, that I have devoted an entire page to Tools.



    Continuing Education

    Reverse-Engineering requires constant study to keep up with changing technologies. I have found Fravia's site to be consistently impressive in terms of both the amount of knowledge available, and its sheer applicability--most notably in the student and +ORC pages. In addition, ACP maintains an excellent tutorial page which even contains the coveted Soft-Ice manual! Let us not forget the eternal (or so it seems) Silicon Toad and Greythorne the Technomancer, whose Symbiote program is not only an excellent cracking tool, but a perfectly-commented example for learning assembly language and a demonstration of virii programming techniques applied to conventional--or perhaps I should say non-virii--programs. Additional sites may be found on my Links page, with comments (natch). Finally I maintain a "web-ring" of sorts, with Member1 being a rather utilitarian startup page, Member2 being a growing knowledge-base on Windows 95 (especially the Registry) and--eventually--NT, Member3 being a site dedicated to the functional side of Reverse-Engineering (read: Tools Of The Trade), and Member4 being a small step into the area of classic literature. I suppose this site shall become Member5. Work is currently being done on Member6, a tentative foray into the Java/Javascript world.

    In addition, many web development resources and tools have been collected on the Web Developer page, and a bulletin board intended as a Q&A forum for reverse engineering tools has been set up at the Reverse Engineering Forum, hosted by the Server Corporation, home of WebApps.



    Member1 * Member2 * Member3 * Member4 * Member5 * Member6



    Resources


    Free Email:

  • HotMail--Anonymous, but puts your IP in email header
  • NetAddress--Anonymous, but same as above
  • SuperNews--Want an existing email account: Mine never worked...
  • Rocketmail--Demands Cookies


    Free WebPages:

  • Geocities (2 MB) Sort-Of-Strict Policy
  • Cybercity (5 MB) Okay Policy
  • FortuneCity (6 MB) Okay Policy
  • Angelfire (200 K) Strict Policy
  • Eccentrica (500 K + bonus) Great policy ("as long as you get hits and are not perverse..." ;)


    _m


    If you must: mail