Reverse Engineering : Intro to Olly

Reverse Engineering

This is the process of building a useful product from the design and components of an existing one. In the computing world, reverse engineering is used to study the functionality of a piece of software and work out the logic and code behind it; the basic aim is to be able to reproduce what the software does. I am going to use reverse engineering to crack software, and I will be using OllyDbg for this purpose.

Introduction to OllyDbg

First I'll introduce Olly and the different windows we see while reversing an application. Olly is a ring-3 (user-mode) debugger for Windows that works at the assembler level. For downloading Olly visit the link. The picture below is the first screen we see when we open Olly.

The next step is to load the file we are going to reverse and run it. For downloading reverseMe.exe visit the link.



Now select reverseMe.exe and open it.

Let us first try to understand what the different sections of the window are. We will go from left to right, and then cover the ones at the bottom.

  • The leftmost section is the "virtual address" column. The next two, in order, are the "opcode" and "mnemonics" columns. Opcode stands for operation code: in simple terms these are the raw bytes that encode each assembly-language instruction, and the mnemonics are the human-readable form of those opcodes. Next comes the comment column; Olly makes our work easier by including it in the window.
  • The rightmost section is the "Register window". At the top we have the 9 CPU registers, and just below them 8 flags. Out of these 8 flags, most of our work will be concerned with only three of them: "C" (carry), "Z" (zero) and "O" (overflow).
  • At the bottom right we have the Stack window, where we can watch the stack change as instructions are executed. At the bottom left we have the "Dump window".
  • The window in the middle, just above the Dump window, is the Pane window. Here we see what is going to happen when the next instruction executes.
We have now covered all the windows present in the CPU - main thread view of Olly. Next we move on to a few shortcuts: apart from the icons on the toolbar, Olly provides keyboard shortcuts, and a few of them are listed below.

Shortcuts

F8 : Step over. Runs the application one instruction at a time, in order; a "CALL" is executed as a single step.
F9 : Run. Runs the debugged application until a breakpoint or exception is hit.
F12 : Pause. Suspends the running application.
F7 : Step into. Performs the same function as F8, but when a "CALL" instruction is encountered it follows execution into the called code.

For a better understanding of the registers and flags, follow the link Registers and Flags.
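To make the "C", "Z" and "O" flags from the Register window concrete, here is a small added example (not code from the original post and not part of OllyDbg) that models what the x86 CMP instruction leaves in those flags and how the common conditional jumps read them. The operand pairs in the demo are constructed values; the function and variable names are my own.

```python
# Constructed model of the x86 CMP instruction and the C, Z, O and S flags
# that OllyDbg displays in its Register window. Educational example only;
# this is not OllyDbg code and not code from the original post.

MASK32 = 0xFFFFFFFF
SIGN32 = 0x80000000


def to_signed32(v):
    """Interpret a 32-bit value as a signed integer (two's complement)."""
    v &= MASK32
    return v - (1 << 32) if v & SIGN32 else v


def cmp_flags(dst, src):
    """Return the flags that CMP dst, src would leave, as a dict of 0/1 values.

    CMP computes dst - src and discards the result, keeping only the flags:
      Z (zero)     - the result is zero, i.e. the operands are equal
      C (carry)    - an unsigned borrow occurred, i.e. dst < src as unsigned
      O (overflow) - the signed result does not fit in 32 bits
      S (sign)     - the top bit of the result is set
    """
    dst &= MASK32
    src &= MASK32
    result = (dst - src) & MASK32
    zf = int(result == 0)
    cf = int(dst < src)  # unsigned borrow
    # Signed overflow: the operands have different signs and the result's
    # sign differs from the sign of dst.
    of = int(bool(((dst ^ src) & (dst ^ result)) & SIGN32))
    sf = int(bool(result & SIGN32))
    return {"Z": zf, "C": cf, "O": of, "S": sf}


def branch_taken(mnemonic, flags):
    """Decide whether a conditional jump placed right after the CMP is taken.

    Only the jumps most often met while stepping with F8 are modelled here.
    """
    z, c, o, s = flags["Z"], flags["C"], flags["O"], flags["S"]
    table = {
        "JE":  z == 1,   # equal / zero
        "JNE": z == 0,   # not equal
        "JB":  c == 1,   # below (unsigned)
        "JAE": c == 0,   # above or equal (unsigned)
        "JL":  s != o,   # less (signed)
        "JGE": s == o,   # greater or equal (signed)
    }
    return table[mnemonic]


if __name__ == "__main__":
    # Constructed operand pairs; the last two show signed overflow,
    # where looking at the sign bit alone would give the wrong answer.
    cases = [(5, 5), (3, 7), (0x7FFFFFFF, 0xFFFFFFFF), (0x80000000, 1)]
    for a, b in cases:
        f = cmp_flags(a, b)
        print(f"CMP {a:#010x}, {b:#010x} "
              f"({to_signed32(a)} vs {to_signed32(b)} signed) -> "
              f"Z={f['Z']} C={f['C']} O={f['O']} S={f['S']}  "
              f"JE:{branch_taken('JE', f)} "
              f"JB:{branch_taken('JB', f)} "
              f"JL:{branch_taken('JL', f)}")
```

When you step over a CMP with F8 and then look at the Register window, the flag values you see should match what `cmp_flags` returns for the same two operands, and the next conditional jump is taken or skipped exactly as `branch_taken` predicts; the third and fourth cases show why "O" matters for signed comparisons.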

Now we have a basic knowledge of OllyDbg. We will reverse the first application in the next part.
