Key Takeaways

  • Compiled Code: When C++ code is compiled, it turns into machine code (0s and 1s). Reverse engineering is the art of turning those 0s and 1s back into readable logic (Assembly).
  • Ghidra: The NSA (yes, the spies) released a free tool called Ghidra. It is a Decompiler that guesses what the C code looked like.
  • Cracking: To crack a game, you find the instruction JNE (Jump if Not Equal) that checks your license key, and change it to JMP (Jump Always).

You have the executable (.exe) but not the source code. How do you find out if it's a virus? You take it apart.

Assembly Language (x86)

This is the language of the CPU. It is very hard to read.

MOV EAX, 1   ; Move 1 into register EAX
ADD EAX, 2   ; Add 2 to EAX
CMP EAX, 3   ; Compare EAX to 3
JE  Success  ; Jump to Success if equal

Reverse engineers spend their days reading millions of lines like this.

Tools of the Trade

IDA Pro

The industry standard. Extremely expensive ($5000+). Used by antivirus companies to analyze complex malware.

Ghidra

Free, open-source, powerful. It includes a "Decompiler" window that shows C-like pseudo-code next to the Assembly, making it much easier for beginners.

Malware Analysis

Malware authors try to stop you. They "Pack" or "Obfuscate" their code, making it look like garbage data until it runs. Unpacking malware is a specialized skill: you run it in a debugger (x64dbg) until it has unpacked itself in memory, then dump the unpacked code from memory for analysis.
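One practical way to spot the "garbage data" a packer leaves behind is to measure byte entropy: compressed or encrypted payloads look like random noise and score close to 8 bits per byte, while ordinary code and text score well below that. The script below is an added example and is not part of the original article; the "binary" it scans is constructed inline (a repeating pattern followed by seeded pseudo-random bytes), not a real executable.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for perfectly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.0):
    """Return (offset, entropy) for each fixed-size window scoring at or above
    the threshold. Packed or encrypted sections sit near 8.0; normal compiled
    code and strings usually stay clearly below 7.0, so a hit is worth a look."""
    hits = []
    for off in range(0, len(data), window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def build_sample_binary() -> bytes:
    """Constructed stand-in for an executable (assumption: not a real PE file).
    2048 bytes of a repeating 16-byte 'code' pattern (entropy exactly 4.0),
    then 2048 bytes of seeded pseudo-random data standing in for a packed payload."""
    code_region = bytes(range(0x40, 0x50)) * 128        # 16 distinct bytes, repeated
    rng = random.Random(1234)                             # fixed seed keeps it reproducible
    packed_region = bytes(rng.getrandbits(8) for _ in range(2048))
    return code_region + packed_region


if __name__ == "__main__":
    sample = build_sample_binary()
    for off, e in high_entropy_regions(sample):
        print(f"offset 0x{off:05x}: entropy {e:.2f} bits/byte -> possibly packed")
```

On a real file you would read the bytes from disk and feed them to high_entropy_regions, ideally per section rather than by fixed window.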

Frequently Asked Questions (FAQ)

Is it legal?
It depends. Reversing for interoperability or security research is usually protected. Reversing to bypass DRM (Digital Rights Management) violates the DMCA in the US.
Is it hard to learn?
Yes. It is considered one of the hardest fields in IT. You need to understand CPU architecture, memory management, and hexadecimal math.
