1
00:00:05,790 --> 00:00:12,720
Doing reverse engineering starts off with understanding the meaning of every bit and byte.

2
00:00:13,910 --> 00:00:20,060
Simply viewing the bytes contained requires developing tools that aid in the reading of files and objects,

3
00:00:20,840 --> 00:00:23,140
parsing and adding meaning to every byte.

4
00:00:23,330 --> 00:00:29,570
That would require another tool. Reverse engineering has evolved with tools that are continuously updated

5
00:00:29,570 --> 00:00:32,180
when encountering new software technology.

6
00:00:33,020 --> 00:00:41,390
Here we categorize these tools into binary analysis tools, disassemblers, decompilers, debuggers

7
00:00:41,390 --> 00:00:42,470
and monitoring tools.

8
00:00:43,750 --> 00:00:52,270
Binary analysis tools. Binary analysis tools are used to parse binary files and extract information

9
00:00:52,270 --> 00:01:00,130
about the file. An analyst will be able to identify which applications are able to read or execute it.

10
00:01:00,130 --> 00:01:05,850
The binary file types are generally identified by their magic header bytes.

11
00:01:07,000 --> 00:01:14,170
These magic header bytes are usually located at the beginning of a file, for example,

12
00:01:14,180 --> 00:01:16,390
in a Microsoft executable file.

13
00:01:16,390 --> 00:01:20,530
An EXE file begins with the MZ

14
00:01:20,530 --> 00:01:30,850
header. MZ is believed to be the initials of Mark Zbikowski, a developer from Microsoft

15
00:01:30,850 --> 00:01:32,240
during those days.

16
00:01:34,060 --> 00:01:39,640
Microsoft Office Word documents, on the other hand, have these first four bytes as

17
00:01:39,790 --> 00:01:40,750
their magic header.

18
00:01:40,750 --> 00:01:48,880
The hexadecimal bytes in the preceding screenshot read as it took fun. Other information such

19
00:01:48,880 --> 00:01:51,670
as text strings also gives hints.

20
00:01:52,420 --> 00:02:00,330
The following screenshot shows information indicating that the program was most likely built using

21
00:02:00,340 --> 00:02:01,390
Windows Forms.

22
00:02:03,550 --> 00:02:10,810
Disassemblers. Disassemblers are used to read the low-level code of a program. Reading low-

23
00:02:10,810 --> 00:02:17,290
level code requires knowledge of assembly language. Analysis done with a disassembler gives information

24
00:02:17,290 --> 00:02:23,320
about the execution conditions and system interaction that a program will carry out when executed.

25
00:02:23,890 --> 00:02:30,700
However, the highlights from reading low-level code are when the program uses application program interface

26
00:02:31,090 --> 00:02:32,620
(API) functions.

27
00:02:33,720 --> 00:02:42,120
The following screenshot shows a snippet of a program module that uses the GetJob API. This API is

28
00:02:42,120 --> 00:02:46,190
used to get information about the print job, as shown in this picture.

29
00:02:49,430 --> 00:02:50,120
Debuggers.

30
00:02:51,700 --> 00:02:58,330
Disassemblers can show the code tree, but the analyst can verify which branch the code flows to

31
00:02:58,330 --> 00:03:03,630
by using a debugger. A debugger does actual execution per line of code.

32
00:03:04,180 --> 00:03:11,380
The analyst can trace through code such as loops, conditional statements and API execution.

33
00:03:12,600 --> 00:03:19,530
Since debuggers are categorized under dynamic analysis and perform a stepwise execution of code,

34
00:03:19,890 --> 00:03:22,890
the debugging is done in an enclosed environment.

35
00:03:23,280 --> 00:03:29,250
Various file types have different disassemblers. In a .NET compiled executable,

36
00:03:29,430 --> 00:03:35,520
it is best to instead disassemble the p-code and work out what each operator means.

37
00:03:38,010 --> 00:03:45,880
Monitoring tools. Monitoring tools are used to monitor system behaviors regarding file, registry,

38
00:03:45,900 --> 00:03:47,610
memory and network.

39
00:03:49,020 --> 00:03:54,870
These tools usually tap or hook on APIs or system calls.

40
00:03:55,050 --> 00:04:03,450
They log information such as newly created processes, updated files, registry entries and incoming

41
00:04:03,450 --> 00:04:07,550
SMB packets; these logs are generated by reporting tools.

42
00:04:09,390 --> 00:04:13,650
Decompilers. Decompilers are similar to disassemblers.

43
00:04:14,070 --> 00:04:18,320
They are tools that attempt to restore the high-level source code

44
00:04:18,360 --> 00:04:25,080
of a program, unlike disassemblers, which attempt to restore the low-level assembly language source

45
00:04:25,080 --> 00:04:26,310
code of a program.

46
00:04:27,900 --> 00:04:30,720
These tools work hand in hand with each other.

47
00:04:31,260 --> 00:04:36,360
The logs generated from monitoring tools can be used to trace the actual code from the disassembled

48
00:04:36,360 --> 00:04:36,900
program.

49
00:04:37,770 --> 00:04:45,330
The same applies to debugging, where the analyst can see the summary of the low-level code flow from

50
00:04:45,330 --> 00:04:51,390
the disassembly while being able to predict where to place breakpoints based on the monitoring tools'

51
00:04:51,390 --> 00:04:51,900
logs.