Tuesday, May 17, 2011

Been doing some reverse engineering

I've been reversing a Win32 PE executable lately, something I haven't been doing since I was 15. I found it quite easy. Much easier, indeed, than a few years ago. What's changed since then?
  • The tools have changed. At the time, I used to master WinDASM and SoftICE, which are no more fashionable. It even seems that WinDASM has disappeared from the market. This time, I used HeavenTools' PE Explorer, which is a clear improvement on the latter.
  • The PE format has not changed. Or, at least, nothing that matters in debugging.
  • Windows is more stable than at the time, saving you many reboots ^^
  • The compilers have not changed much. It seems that I could learn to recognize compilation styles of various compilers in very little time.
  • Most of all, I've not changed. I can now remember very precisely why I quit reverse engineering software back then: because I prefer working with the source code and I prefer working in design or implementation modes rather than in debugging mode. I can now remember that I quit reverse engineering software approximately the same time as I started using GNU/Linux on my desktop.
I can clearly validate this view years later: though I'm happy to be able to reverse a binary, I think programming is more rewarding.