[Binrev] Automate Reversing Windows Binaries for Pentesters

Tuesday, September 17, 2013

What you can do with this?

  • Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities.
  • Import decompiled projects to an IDE to reconstruct and modify the original source code
  • Call hidden native exported functions with rundll32

Here is a rough description of what it does, and what tools it is using:
  • For exe, dll files:
    • Detect and de-obfuscate for .NET libraries with de4dot 
    • Decompile .NET libraries with JustDecompile 
    • Zip decompiled source code to netsources.zip 
    • Run strings against native libraries
    • Export call-able functions with dllexp. You can then try to run those functions with command Rundll32 <dll>,<function name> 
    • Export dependencies with depends 
    • Extract native resources with resourcesextract 
  • For jar files: 
    • Extract and combine java classes into a single zip file
    • Decompile java sources with procyon 
    • Zip decompiled source code to javasources.zip



Subscribe via e-mail for updates!