RE
making sense of stuff
run strings, strace, trace execution path in graph view (maybe get trace through gdb), get class list/function list
patch the binary for log messages
recognize crypto by looking up constants
have some unpackers ready (eg for UPX)
get a list of function names / class names as an overview
find main
look for refs to relevant strings(shift+f12) in the code (xref shortcut: x)
use placeholder names (eg. fruits) for unknown functions to make them recognizable
Decomplicate in ida:
use group nodes functionality
rename stuff.. (shortcut: n)
retype stuff.. (shortcut: y)
Other valid strategies:
reengineer the code, recompile it
clever hooks instead of tedious reversing
dynamic approaches:
breakpoints at all functions, run and see what breakpoints remain
Last updated
Was this helpful?