Introduction to Reverse Engineering WIN32 Applications
|Release Date||01 October 2007|
|Last Modified||24 October 2017|
This paper will introduced the reader to many concepts and tools essential to understanding and controlling native WIN32 applications through the eyes of Windows Debugger (WinDBG). Throughout, WinMine will be utilized as a vehicle to deliver and demonstrate the functionality provided by WinDBG and how this functionality can be harnessed to aid the reader in reverse engineering native WIN32 applications. Topics covered include an introductory look at IA-32 assembly, register significance, memory protection, stack usage, various WinDBG commands, call stacks, endianness, and portions of the Windows API. Knowledge gleaned will be used to develop an application designed to reveal and/or remove bombs from the WinMine playing grid.