madswp
Full Member
Karma: +3/-0
 Offline
Posts: 102
|
 |
« on: October 11, 2013, 07:44:22 AM »
|
|
|
I want to dig a bit into ida pro. I have played a bit around with it the last couple of days. I know all the basic about hex values, how to read, convert etc etc. but ida pro and reading code is giving me headache  how did you guys start up with learning to read + understand code and data flow? i have taken some training courses online for basic coding in PHP to get into this world but its still new to me. also, how did you start to write your own software? which programming language do you use, and why? what is the easiest way to start all over from newbie level? if you have good experience in reading some books i would be happy to know which thanks |
|
|
|
|
Logged
|
|
|
|
rkam
Full Member
Karma: +4/-0
Offline
Posts: 55
|
|
« Reply #1 on: October 11, 2013, 12:03:56 PM »
|
|
|
Reading disassembled code is about as difficult as it looks.
Each separate command can be understood by looking at datasheets for the CPU in question, but to understand the data flow is very difficult, and not really a thing that you can learn from a book or course.
On simple microprocessors it may be possible to replace memory addresses with labels whenever you find the purpose of such an address.
But many microprocessors are now using complex memory management which makes this difficult.
Assembly programming is similar to the disassembled code, but with the help of labels and variables.
Learning assembly programming will be helpful in understanding disassembled code.
Learning C or C++ is probably the most useful. A C or C++ compiler with examples is normally available for all kinds of microprocessors.
Nowadays it is most common to learn C#, but this is mostly/only for Microsoft Windows programming.
|
|
|
|
« Last Edit: October 11, 2013, 12:05:27 PM by rkam »
|
Logged
|
|
|
|
madswp
Full Member
Karma: +3/-0
Offline
Posts: 102
|
|
« Reply #2 on: October 12, 2013, 12:46:18 AM »
|
|
|
i was also guesssing that the best way to learn this is to start writing software. and then later on, when understanding the basic, start on trying disassembling.
i have to start somewhere so courses and reading is the only thing i can do. i have plenty of time.
any books or webpages i could find intresting?
i have read 'hacking the xbox - guide to reverse engineering' and a little in 'the ida pro book' but that dont make a lot of sense yet.
|
|
|
|
|
Logged
|
|
|
|
|
nyet
|
|
« Reply #3 on: October 12, 2013, 01:07:05 AM »
|
|
|
learning a (relatively) low level language like C is probably a good start.
php and java, not so much.
then, probably learning about microcontrollers, RAM, ROM, EEPROM, busses, IO, etc.
then maybe connecting that with C and some understanding of how compilers work.
And reading up on CPUs and how they work.
|
|
|
|
|
Logged
|
|
|
|
Sirocco20348
Newbie
Karma: +0/-0
Offline
Posts: 20
|
|
« Reply #4 on: October 13, 2013, 12:39:06 PM »
|
|
|
Static analysis with ida pro is damn complex... I would advise not even bothering if you only have php background. You really need to do an IT degree and learn assembly and c. I've done courses on dynamic analysis of malware with ida pro, and pretty much my brain exploded.i didn't have the patience to work out what each frustrating variable did... But good luck if you continue to smash it out!!
|
|
|
|
|
Logged
|
|
|
|
Sirocco20348
Newbie
Karma: +0/-0
Offline
Posts: 20
|
|
« Reply #5 on: October 13, 2013, 12:39:39 PM »
|
|
|
.
|
|
|
|
« Last Edit: October 13, 2013, 07:37:07 PM by Sirocco20348 »
|
Logged
|
|
|
|
Sirocco20348
Newbie
Karma: +0/-0
Offline
Posts: 20
|
|
« Reply #6 on: October 13, 2013, 12:40:06 PM »
|
|
|
.
|
|
|
|
|
Logged
|
|
|
|
|
dream3R
|
|
« Reply #7 on: October 13, 2013, 02:21:09 PM »
|
|
|
I'm on this path now. I know C well and I can follow the code flow in defined functions. I have also been programming microcontrollers for a while now for a few different projects.
My difficulty is understanding the DPP's, memory layout and things like correctly defining functions in IDA.
Man, it's not easy but I'll keep chipping away.
FWIW, I was reading through ecuxplot's code the other week for my logger project and it (JAVA) wasn't a million miles away from C in the basic functions like case etc. It's probably different in a lot of other ways though.
|
|
|
|
|
Logged
|
|
|
|
|
nyet
|
|
« Reply #8 on: October 13, 2013, 09:36:20 PM »
|
|
|
What missing from java vs c is that you can see stuff like txt bss data, stack, heap etc. in C code. java hides all that stuff from you...
including direct memory references, non-strict casting, etc. which doesn't exist in java.
All of that stuff is fundamental to making the connection between c asm and how a cpu works...
|
|
|
|
|
Logged
|
|
|
|
|
dream3R
|
|
« Reply #9 on: October 14, 2013, 03:54:03 AM »
|
|
|
I see, I was thinking on a different tangent there, which was off topic  . |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #10 on: October 14, 2013, 05:32:26 AM »
|
|
|
You really need to do an IT degree and learn assembly and c. You don't. You just need to be good at recognizing patterns, and not have ADHD - meaning you must be able to concentrate and read long boring technical documents about the CPU's. Learning C might help but is not required. I would recommend starting with ASM on simple micros, such as the 8051 and then continuing to more difficult ones. Get yourself a development board and mess with it. |
|
|
|
|
Logged
|
|
|
|
|
dream3R
|
|
« Reply #11 on: October 14, 2013, 06:32:45 AM »
|
|
|
Can anyone tell me how to start looking at correctly configuring DPP's where they are different from the normal VAG files? Do I have to rewind back a bit and understand some of the fundamentals better? Can someone explain the logic to me?
|
|
|
|
|
Logged
|
|
|
|
|
nyet
|
|
« Reply #12 on: October 14, 2013, 09:45:13 AM »
|
|
|
DPPs are analagous to the segmented memory model on 808x.
a 16 bit address can only address 64k of memory space, so if you have a larger address space, and you are on a 16 bit processor, you need some way of resolving direct memory references that are stored in 16 bits.
DPPs extend that 16 bit into more space, w/o having to make all those direct memory references wider than 16bits, which, on a RISC processor, would expand the size of the operation significantly.
|
|
|
|
|
Logged
|
|
|
|
|
