Hello, self: First Steps Into Software Reverse Engineering
thefueley
Entry Point: _start
Every program has an entry point. For many, it’s the familiar main() function. For others, it’s a lower-level label like _start. This post serves as the entry point for this blog, dedicated to the intricate world of software reverse engineering and malware analysis.
My goal is to record my steps as I learn about the layers of abstraction and explore what’s happening under the hood. If you’re interested in the world of turning compiled binaries back into understandable logic, you’re in the right place.
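To make the entry-point idea concrete, here is an added example (my addition for this page, not code from the original post): a small Python parser for the 64-byte ELF64 header that extracts e_entry, the address the kernel hands control to after exec. For a binary linked from the assembly shown further down, that is the address ld assigned to the _start label. The header bytes are constructed inline rather than read from a real file, and the entry address 0x401000 and the function names are assumptions of the example.

```python
import struct

# ELF identification constants (from the ELF specification).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2        # e_ident[EI_CLASS]: 64-bit objects
ELFDATA2LSB = 1       # e_ident[EI_DATA]: little-endian
ELFDATA2MSB = 2       # e_ident[EI_DATA]: big-endian
EM_X86_64 = 0x3E      # e_machine for AMD x86-64

# e_type values a reverser meets most often.
E_TYPE_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}

# Layout of the fields after the 16-byte e_ident block (48 bytes, no padding).
_EHDR_TAIL = "HHIQQQIHHHHHH"


def parse_elf64_header(data: bytes) -> dict:
    """Parse an ELF64 header and return its fields, including the entry point.

    Raises ValueError for anything that is not a 64-bit ELF header, so that a
    caller feeding it arbitrary files fails loudly instead of misreading bytes.
    """
    if len(data) < 64:
        raise ValueError("ELF64 header needs 64 bytes, got %d" % len(data))
    if data[:4] != ELF_MAGIC:
        raise ValueError("bad magic: not an ELF file")
    if data[4] != ELFCLASS64:
        raise ValueError("only ELF64 (EI_CLASS=2) is handled here")
    if data[5] == ELFDATA2LSB:
        endian = "<"
    elif data[5] == ELFDATA2MSB:
        endian = ">"
    else:
        raise ValueError("unknown EI_DATA value %d" % data[5])

    (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack(endian + _EHDR_TAIL, data[16:64])

    return {
        "e_type": E_TYPE_NAMES.get(e_type, "0x%x" % e_type),
        "e_machine": e_machine,
        "e_entry": e_entry,
        # For ET_DYN (PIE) binaries e_entry is relative to the load base the
        # kernel picks at exec time; for ET_EXEC it is the absolute address.
        "entry_is_relative": e_type == 3,
        "e_phoff": e_phoff,
        "e_phnum": e_phnum,
        "e_shoff": e_shoff,
        "e_shnum": e_shnum,
    }


def entry_point_of_file(path: str) -> int:
    """Convenience wrapper: read the first 64 bytes of a file and return e_entry."""
    with open(path, "rb") as f:
        return parse_elf64_header(f.read(64))["e_entry"]


def build_sample_header(entry: int = 0x401000) -> bytes:
    """Construct a minimal ELF64 header for an x86-64 ET_EXEC binary.

    This is constructed sample data, not bytes taken from a real file; the
    entry address 0x401000 is an assumption (a typical address ld assigns to
    _start for a small non-PIE static binary).
    """
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + bytes(8)
    tail = struct.pack(
        "<" + _EHDR_TAIL,
        2,          # e_type: ET_EXEC
        EM_X86_64,  # e_machine
        1,          # e_version: EV_CURRENT
        entry,      # e_entry: where the kernel hands control to _start
        64,         # e_phoff: program headers follow the ELF header
        0,          # e_shoff: no section headers in this sample
        0,          # e_flags
        64,         # e_ehsize
        56,         # e_phentsize
        1,          # e_phnum
        64,         # e_shentsize
        0,          # e_shnum
        0,          # e_shstrndx
    )
    return e_ident + tail


if __name__ == "__main__":
    info = parse_elf64_header(build_sample_header())
    print("type=%s machine=0x%x entry=0x%x"
          % (info["e_type"], info["e_machine"], info["e_entry"]))
```

Point entry_point_of_file at a binary you assembled yourself and the value it returns should match the `Entry point address` line that `readelf -h` prints for the same file. The parser deliberately rejects anything that is not an ELF64 header rather than guessing, which is the behaviour you want from a triage script that will eventually be pointed at unknown samples.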
What to Expect
This blog will be a collection of my notes, research, and tutorials. I plan to cover a range of topics aimed at beginners and add more advanced topics as I progress. Remember, this isn’t a tutorial site, per se: I’m documenting my own journey. My goal is to cover content like:
- Malware Deep Dives: Analyzing real-world samples to understand their mechanisms, from packers and obfuscation to C2 communication.
- Tooling Tutorials: Practical guides on using tools like Ghidra, IDA Pro, and x64dbg.
- Fundamental Concepts: Discussions on assembly (x86/x64 & ARM), file formats (PE, ELF), and operating system internals.
- Capture The Flag (CTF) Write-ups: Step-by-step solutions for reverse engineering challenges.
The best way to learn is by doing. I’ll be getting my hands dirty with plenty of disassembly. I will reference my source material as I cover each topic.
A Small Glimpse
To kick things off, here is the classic “Hello, world!” program written in 64-bit x86 assembly for Linux. It’s a great reminder that even the most complex software boils down to simple instructions.
```nasm
; Build and run (NASM + GNU ld on x86-64 Linux):
;   nasm -f elf64 hello.asm -o hello.o && ld -o hello hello.o && ./hello
section .data
hello db 'Hello, reverse engineering world!', 0x0a ; 0x0a is newline
hello_len equ $ - hello ; 34 bytes: 33 characters plus the newline

section .text
global _start
_start:
    ; syscall: write(int fd, const void *buf, size_t count)
    mov rax, 1         ; syscall number for write
    mov rdi, 1         ; file descriptor 1 is stdout
    mov rsi, hello     ; pointer to our string
    mov rdx, hello_len ; length of the string, newline included
    syscall            ; make the system call

    ; syscall: exit(int error_code)
    mov rax, 60        ; syscall number for exit
    xor rdi, rdi       ; exit code 0
    syscall            ; make the system call
```