No announcement yet.

Practical Reverse Engineering Exercise

  • Filter
  • Time
  • Show
Clear All
new posts

  • Practical Reverse Engineering Exercise

    Support us on Patreon:

    This is a 5 part series showing you how to solve some of the reverse engineering exercises from the Practical Reverse Engineering book.

    In the first video, we will earn about the stack and learn how to reverse engineer a simple function which loops through a null terminated char array and overwrites it's contents. This is Exercise 1 on Page 11.


    Practical Reverse Engineering book:

    This video is made by Ismael Vasquez Jr:

    Website -
    Twitter -
    Facebook -
    Github -
    LinkedIn -

    Reverse engineering is the process of analyzing software and understanding it, without having access to the source code. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now we can use the same tools to stop these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, system programmers, so they can learn how to use the same processes to stop hackers in their tracks.

    - Offers a complete approach to understanding reverse engineering, with hands-on exercises and real-world examples
    - Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
    - Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers
    - Includes a bonus chapter on reverse engineering tools
    - Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

    The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a complete approach, with plenty of exercises and examples.

    Donate on our Forum :
    Support us on Patreon :

    Follow us on Facebook :
    Follow us on Twitter :
    Follow us on Twitch :
    Follow us on Reddit :
    Follow us on GitHub :
    Follow us on Instagram :
    The Hackmaster

  • #2
    Practical Reverse Engineering 2 - Pg 35 Exercise 1 Sample J

    In this video Guided Hacking will teach you how to reverse engineer sample J, which is an executable file which calls CreateToolHelp32Snapshot() and loops through the running processes trying to find explorer.exe.

    It will show you how to reverse engineer it using IDA Pro for static analysis and x64dbg for dynamic analysis.

    It'll walk you through each line of assembly and figure out what each instruction does.

    Guided Hacking will show you how he re-created this binary in assembly to get a better understanding of how it works.

    Practical Reverse Engineering is a great book that is still valuable today, not much in terms of core malware analysis and Windows API has changed. This reverse engineering tutorial is perfect for someone that wants to get more experience reverse engineering.

    The Hackmaster


    • #3
      Practical Reverse Engineering RtlValidateUnicodeString Pg 35 Exercise 5

      A short & simple video showing you how to solve exercise 5 of page 35 of the Practical Reverse Engineering book. It asks you reverse engineer the simple RtlValidateUnicodeString function. Using the knowledge you have gained from previous exercises in the book, your goal is turn the assembly into reversed C code.

      The RtlUnicodeStringValidate function validates the contents of a UNICODE_STRING structure which is passed as an argument along with a flags argument.

      NTSTATUS NTAPI RtlValidateUnicodeString (
      IN ULONG Flags,
      IN PCUNICODE_STRING UnicodeString

      RtlUnicodeStringValidate returns one of the following NTSTATUS values: STATUS_SUCCESS or STATUS_INVALID_PARAMETER. The SourceString pointer cannot be NULL. If you need to specify a NULL pointer value, use the RtlUnicodeStringValidateEx function.

      The Hackmaster