[Noisebridge-discuss] Software Reverse Engineering Workshop

Dr. Jesus j at hug.gs
Thu Apr 30 05:31:53 UTC 2009


I need a few things from everyone interested to make sure I'm giving
the right talk.  Please fill out the following.  I'm sure some of you
are going to use this as an excuse to hold an old fart e-penis
measuring contest, but let's try not to get too distracted from the
reversing discussion, eh?

[ ] Focusing on x86 only is fine with me.
[ ] I would also like to know about other processors:
 (list processors)

[ ] Focusing on the Linux ABI only is fine with me.
[ ] Focusing on the Windows ABI only is fine with me.
[ ] Focusing on the Darwin (mac) ABI only is fine with me.
[ ] I care about more than one of these:
 (list combination of the above)

[ ] I've written 0-day/asm demos and have skipped the rest of this questionnaire.

[ ] I have an IDA Pro license of any flavor.
[ ] I even paid cash money for it and I now know all about customs and Belgium.
[ ] And I've been paid for using my copy at least once.

[ ] I belong to the church of free software and can't use non-libre software, including IDA.
[ ] I sort of care about licensing politics, but I really just want the source code any way I can get it.
[ ] I don't care about licensing politics as long as it's cheap or free.
[ ] I prefer commercial software because I have more money than time.
[ ] I have another opinion not covered above:
 (your opinion)

(by heart means you can reconstruct the relevant parts of the opcode's
pages in the manual from memory, blindfolded, with one hand tied
behind your back)
[ ] My myspace is on the aol wireless dsl.
[ ] I have no programming experience.
[ ] I have no assembly experience.
[ ] I have some assembly experience, but I can't read it without a manual.
[ ] I know more than 20 x86 opcodes by heart.
[ ] I know more than 40 x86 opcodes by heart.
[ ] I know more than 100 x86 opcodes by heart.
[ ] I have the IASDM memorized.
[ ] I can read disassembly listings for another processor:
 (list processor(s) here)

[ ] I only care about application level reversing.
[ ] I would also like to learn about x86 system programming in a longer, separate talk.
[ ] I would also like to learn about the x86 FPU / vector units in a longer, separate talk.

[ ] I can do ASCII <-> hex in my head.
[ ] I even know why tolower and toupper might use 0x20.

[ ] I can do two's complement arithmetic in my head.
[ ] I also know what it means when someone says it saves a bit compared to the other way of representing sign.
[ ] I also know the trick to avoid flipping all the bits when changing the sign of a small number.

[ ] Numbers terrify me.
[ ] My math is so-so.
[ ] I finished algebra II.
[ ] I finished precalculus.
[ ] I completed a three semester calculus course.
[ ] I survived linear algebra and group theory.
[ ] I've been admitted to graduate studies in a math program (and forgot how to do long division.)
[ ] My Fields Medal is very shiny, let me show you it.

[ ] I've passed a compiler course or written a compiler.

[ ] I've passed a computer architecture course.  (SPIM or MMIX or equiv.)

[ ] Off the top of my head, I know exactly what happens when I tell gcc __builtin_expect((x), 0).
[ ] And I know why I should be thinking about page size when I do that.
[ ] I know the MSVC version of this question as well as the answer.
[ ] I know how to do this manually in C.
[ ] Without an opcode chart.

[ ] Without looking anything up, I can explain exactly what this program is doing and why it works:
http://pastebin.com/m2f68dc27
[ ] I sort of get it, but I had to google a few things.
[ ] You can do that?!

[ ] Off the top of my head, I know what mov edi, edi means on Windows.
[ ] I even know what to do with that using windbg.
[ ] I had to google it.

[ ] Off the top of my head, I know why scribbling on the 8237 compatibility registers on my mac doesn't cause it to asplode.
[ ] I tried to google it and I still don't know.
[ ] I tried it on my mac and figured it out.
[ ] I also know why this may or may not apply to my PC.

[ ] Off the top of my head, I know what COFF means and the magic number.
[ ] Off the top of my head, I know what MACH-O means and the magic number.
[ ] Off the top of my head, I know what ELF means and the magic number.

[ ] I can interpret at least one kind of symbol mangling without using a demangler.

[ ] I know the correct response, including format, to the $100 trivia question from prequals.
 (response goes here)

Thanks, everyone.