[Binrev] Automate Reversing Windows Binaries for Pentesters

What can you do with this?

  • Static analysis: do a basic manual code review of the decompiled sources to discover hidden communication channels, hard-coded passwords, or SQL injection vulnerabilities.
  • Import the decompiled projects into an IDE to reconstruct and modify the original source code.
  • Call hidden native exported functions with rundll32.

Here is a rough description of what it does and which tools it uses:

  • For exe and dll files:
    • Detect obfuscated .NET assemblies and de-obfuscate them with de4dot
    • Decompile .NET assemblies with JustDecompile
    • Zip the decompiled source code to netsources.zip
    • Run strings against native libraries
    • Export callable functions with dllexp. You can then try to run those functions with the command rundll32 <dll>,<function name>
    • Export dependencies with depends
    • Extract native resources with resourcesextract
  • For jar files:
    • Extract and combine the Java classes into a single zip file
    • Decompile the Java sources with procyon
    • Zip the decompiled source code to javasources.zip
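The first branching decision in the exe/dll pipeline above (managed .NET assembly versus native library) and the export enumeration that feeds the rundll32 step both come from the PE headers. The following added example, which is not Binrev's own code, shows how that triage is done in plain Python without any external tool: it walks the DOS, COFF and optional headers, checks data directory 14 (the CLR runtime header) to decide whether a file is a .NET assembly, maps RVAs through the section table to read the export name table, and runs a minimal `strings` pass. The `build_sample_dll` helper assembles a constructed, minimal PE32+ DLL in memory so the script runs offline; its export names, section layout and the placeholder CLR directory values are assumptions, not taken from any real binary.

```python
import re
import struct


def build_sample_dll(dotnet, export_names):
    """Constructed sample: a minimal PE32+ DLL assembled in memory (not a real binary)
    with an export table and, when dotnet=True, a populated CLR runtime header entry."""
    sect_rva, sect_raw = 0x1000, 0x200               # one section: RVA 0x1000 at file offset 0x200
    n = len(export_names)
    funcs_rva = sect_rva + 40                        # tables follow the 40-byte export directory
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    strings_rva = ords_rva + 2 * n
    strings, name_rvas = b"sample.dll\0", []          # assumed DLL name
    for nm in export_names:
        name_rvas.append(strings_rva + len(strings))
        strings += nm.encode() + b"\0"
    exp = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, strings_rva, 1, n, n, funcs_rva, names_rva, ords_rva)
    exp += b"".join(struct.pack("<I", sect_rva + 0x100 + 16 * i) for i in range(n))  # placeholder code RVAs
    exp += b"".join(struct.pack("<I", r) for r in name_rvas)
    exp += b"".join(struct.pack("<H", i) for i in range(n))  # name ordinals are biased by Base (1)
    exp += strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)  # x64, 1 section, DLL
    opt = bytearray(240)                                         # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112, sect_rva, len(exp))        # directory 0: export table
    if dotnet:
        struct.pack_into("<II", opt, 112 + 14 * 8, sect_rva + 0x180, 72)  # directory 14: CLR header (placeholder)
    sect = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, sect_rva, 0x200, sect_raw, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + bytes(opt) + sect).ljust(sect_raw, b"\0") + exp.ljust(0x200, b"\0")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def analyze_pe(data):
    """Triage a PE image: DLL or not, .NET or native, and its named exports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                           # PE32
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                                         # PE32+
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]

    def directory(i):                                            # (rva, size) of data directory i
        return struct.unpack_from("<II", data, dd_off + 8 * i) if i < nrva else (0, 0)

    # section table entries: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)[1:] for i in range(nsect)]

    def rva_to_off(rva):                                         # map an RVA to a file offset
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + (rva - va)
        raise ValueError("RVA 0x%x not in any section" % rva)

    clr_rva, clr_size = directory(14)                            # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    exports = []
    exp_rva, _ = directory(0)                                    # IMAGE_DIRECTORY_ENTRY_EXPORT
    if exp_rva:
        d = struct.unpack_from("<IIHHIIIIIII", data, rva_to_off(exp_rva))
        base, nnames, names_rva, ords_rva = d[5], d[7], d[9], d[10]
        for i in range(nnames):
            name_rva = struct.unpack_from("<I", data, rva_to_off(names_rva) + 4 * i)[0]
            ordinal = base + struct.unpack_from("<H", data, rva_to_off(ords_rva) + 2 * i)[0]
            exports.append((ordinal, _cstr(data, rva_to_off(name_rva))))
    return {
        "machine": hex(machine),
        "is_dll": bool(chars & 0x2000),                          # IMAGE_FILE_DLL
        "is_dotnet": clr_rva != 0 and clr_size != 0,             # CLR header present -> managed assembly
        "exports": exports,
    }


def extract_strings(data, min_len=4):
    """Minimal equivalent of the strings pass: runs of printable ASCII of at least min_len."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


if __name__ == "__main__":
    for dotnet in (False, True):
        blob = build_sample_dll(dotnet, ["StartService", "DumpConfig"])
        info = analyze_pe(blob)
        route = ".NET -> de4dot/JustDecompile" if info["is_dotnet"] else "native -> strings/exports/dependencies"
        print(route, info)
        print("strings:", extract_strings(blob))
```

The .NET check is the same test the CLR loader and tools such as de4dot rely on: a non-empty data directory 14 means the image carries a managed metadata header, regardless of what the extension or section names claim. Walking the section table for RVA translation matters because the export tables live at virtual addresses, not file offsets, and a naive read at the RVA silently returns garbage on anything but an image already mapped into memory. On real samples, expect packed or obfuscated files to hide or strip these tables; an empty export list or a missing CLR entry is a reason to look closer, not a conclusion.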
