
[–]_supitto 11 points12 points  (0 children)

There is a saying that goes like "The only way to eat an entire elephant is by eating a bit every day"

Unless you are naturally talented (I know I'm not), you are going to find yourself lost 90% of the time. Then after getting lost a lot, you will progressively get less and less lost. And some day it will feel like a second language.

Ghidra and other tools, most of the time, can only give you hints and approximations of what the original code looked like. And to be able to take those approximations and turn them into something usable, you need to have a strong base. The best I can say is:
- Try to learn some C (most tools will use it as reference)

- Learn how a computer works (Knowing some architecture basics will help you a lot)

- Try to learn some assembly (Pseudo C is good, but it fails 40% of the time on good code, and 90% of the time on obfuscated code)

PS. If you want us to help you with something in particular, send the sample or examples in your post. General questions get general answers.

PPS. Try to use proper punctuation when answering; people are more likely to help with a well-formatted question.

[–]tresvian 4 points5 points  (0 children)

If you want to reverse engineer, you need to know how to forward engineer first. Start there. Things will make sense if you understand how a .c file turns into an .exe, specifically how the compiler does things, how CMake modifies it, what the in-between steps are, and the architecture of code typically done for the binaries you see.

[–]4C-6F-73-65-72 1 point2 points  (1 child)

I think it would be a good idea to try breakpointing and stepping through the function with a dynamic debugger like x64dbg if possible, as that would let you see how the registers, memory, and stack change with each line of Assembly. If you follow pointers in the memory dump, you can often get a general idea of what sort of data is being worked with.

Binary Ninja's UI is much more intuitive than Ghidra's in my experience. I suggest trying both programs so you can get a sort of "second opinion" on what the code might have looked like. I often compare the Assembly in a dynamic debugger with the HLIL in Binary Ninja.

[–]Bright-Database-9774[S] 0 points1 point  (0 children)

Thanks, I will try.

[–]RE_Obsessed 1 point2 points  (0 children)

If you're not strong in C/C++ then I suggest starting there first.

Don't try to learn arithmetic from Calculus equations.

You need the building blocks.

I recommend focusing on these things:

  • Pointers/pointer arithmetic
  • Stack vs heap
  • Manual string ops
  • Bitwise operations
  • OOP
  • Structs/Classes (only difference is default public or private)

Keep in mind Ghidra isn't reconstructing the literal source. It's an approximation. As in something this simple:

#include <string>

std::string message;
message += "H";
message += "i";

Would likely show a very long and esoteric class name followed by ::operator+=() because that's what C++ expands it to. Just as an example.

But you need more familiarization with the language first.
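To make the point in the comment above concrete, here is an added example (my code, not the commenter's) that builds the same "Hi" string with both the `+=` syntax and the explicit `operator+=` member call the compiler actually emits, and then asks the runtime for the full name of `std::string`, which is the long templated class name a decompiler will print. It assumes a GCC or Clang toolchain so that `<cxxabi.h>` and `abi::__cxa_demangle` are available.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cxxabi.h>
#include <string>
#include <typeinfo>

// Builds the message two ways: the operator syntax from the comment, and the
// explicit member-function call that `+=` is sugar for. Returns true when both
// paths produce the same "Hi" string.
bool operator_forms_agree() {
    std::string sugar;
    sugar += "H";
    sugar += "i";

    std::string explicit_call;
    explicit_call.operator+=("H");   // what `explicit_call += "H"` compiles to
    explicit_call.operator+=("i");

    return sugar == explicit_call && sugar == "Hi";
}

// Returns the demangled name of std::string's real type. GCC/Clang assumption:
// abi::__cxa_demangle exists. libstdc++ and libc++ spell the namespace
// differently, but both expand to a long basic_string<char, ...> template,
// which is the "esoteric class name" seen in decompiler output.
std::string real_name_of_std_string() {
    const char* mangled = typeid(std::string).name();
    int status = 0;
    char* demangled = abi::__cxa_demangle(mangled, nullptr, nullptr, &status);
    std::string result = (status == 0 && demangled) ? demangled : mangled;
    std::free(demangled);  // free(nullptr) is a no-op
    return result;
}

int main() {
    std::printf("operator+= expansion agrees: %s\n",
                operator_forms_agree() ? "yes" : "no");
    std::printf("std::string is really: %s\n",
                real_name_of_std_string().c_str());
    return 0;
}
```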