EE 491F, Software Reverse Engineering
Date: Mon, January 11, 2021
Time:
Location: online
Speaker: Mark Nelson, ICS PhD candidate
Prerequisites:
EE 367 or equivalent of 2 semesters of programming. Students must have an intermediate level of C Programming to be successful in this class. Assembly language is recommended, but not required. Prerequisite overrides will be available on a case-by-case basis.
Goals:
Students will gain an understanding of the steps taken to get from source code to the execution of machine instructions. Using these skills, students will be able to analyze compiled executables and libraries to expose the true operation of a program. A side benefit of developing these skills is a “leveling up” of their programming expertise.
Topics:
- Machine architecture & assembly language
- Linkers, loaders, programs & processes
- Executable file formats (.exe, .dll, Linux executables & shared libraries)
- Debugging tools such as: gdb & WinDbg
- Software Reverse Engineering tools: Ghidra & IDA Pro
- Static analysis tools: Utilities for working with executable files
- Resource monitoring tools: Sysinternals, Linux monitoring
- Memory forensics: The Volatility framework
- Obfuscation & deobfuscation
- Virtualization-based sandbox environments for working with live malware
Outcomes:
- Develop familiarity with reverse engineering tools, techniques & practices for:
  - Software specification recovery
  - Malware analysis
  - Resource management (i.e. communications protocols)
  - Memory forensics
  - Obfuscation of code and deobfuscation of obfuscated code
- Opportunity to work with live malware using sandboxed environments
- Learn about code structure, calling conventions within programs, modules and systems
Please contact instructor Mark Nelson (marknels@hawaii.edu) for further details about the course.