of decompilation technology for machine code, using a decompiler to recover the high-level language source of an executable doesn't seem feasible; however, because of the one-to-one correspondence between machine code and assembly language statements [10], we can obtain a low-level language representation. Fortunately there are graphical tools available that not only include a disassembler, a tool which generates assembly language from machine code, but also allow for debugging and altering the machine code during execution.

4.2 Wintel Machine Code Reversing and Patching Exercise

Imagine that you have just implemented a C/C++ version of a Windows® 32-bit console application called “Password Vault” that helps computer users create and manage their passwords in a secure and convenient way. Before releasing a limited trial version of the application on your company’s Web site, you would like to understand how difficult it would be for a reverse engineer to circumvent a limitation in the trial version that exists to encourage purchases of the full version; the trial version of the application limits the number of password records a user may create to five.

The C++ version of the Password Vault application (included with this text) was developed to provide a non-trivial application for reversing exercises without the myriad of legal concerns involved with reverse engineering software owned by others. The Password Vault application employs 256-bit AES encryption, using the free cryptographic library crypto++ [17], to securely store passwords for multiple users—each in separate, encrypted XML files. By default, the Makefile that is used to build the

