Reverse Engineering Assistance
Analysis Workflow
- Initial survey: Get function list, extract strings, identify imports and exports, map binary structure
- Key function analysis: Decompile main/entry functions, analyze control flow, identify critical operations, classify functions by purpose
- Data flow mapping: Trace data through functions, identify data structures, map global state, analyze stack layouts
- Behavior understanding: Identify protocol handlers, understand input/output patterns, map to known functionality, reconstruct high-level logic
Key Capabilities
- Function identification: entry points and main functions, common library functions, custom application logic, function classification
- Data structure analysis: strings and constants, data structures (structs, arrays), global variables, stack layouts
- Pattern recognition: common algorithms (sorting, hashing), protocol implementations, obfuscation techniques, anti-debugging code
- Code reconstruction: high-level logic reconstruction, control flow patterns, error handling, mapping to source concepts
Output Format
Report with: binary_summary (type, architecture, language, compiler), key_functions (entry_points, protocol_handlers, utility_functions), data_structures, strings_of_interest, behavior_analysis (protocols, ports, functionality), recommendations.
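The initial survey step feeding this report format, as an added example that is not part of the original page: it reads the ELF identification header and extracts printable strings to fill `binary_summary` and `strings_of_interest`. The function names, the `INTERESTING` triage patterns and the `SAMPLE` bytes are assumptions made for illustration, and only ELF input is handled.

```python
import re
import struct

# Subsets of the e_machine and e_type values defined by the ELF specification.
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
TYPES = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
# Assumed triage patterns; tune these to the target being analyzed.
INTERESTING = re.compile(r"https?://|/etc/|/bin/|passw|HTTP/\d", re.I)


def extract_strings(data, min_len=4):
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def survey(data):
    """Build the binary_summary and strings_of_interest parts of the report."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    bits = {1: 32, 2: 64}.get(data[4])            # EI_CLASS
    order = {1: "<", 2: ">"}.get(data[5])         # EI_DATA
    if bits is None or order is None:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    endian = "little-endian" if order == "<" else "big-endian"
    return {
        "binary_summary": {
            "type": f"ELF{bits} {endian} {TYPES.get(e_type, hex(e_type))}",
            "architecture": MACHINES.get(e_machine, hex(e_machine)),
            # Not recoverable from the header alone; left for later analysis.
            "language": "unknown",
            "compiler": "unknown",
        },
        "strings_of_interest": [s for s in extract_strings(data) if INTERESTING.search(s)],
    }


# Constructed sample: a 64-byte ELF64 header followed by a small string table.
SAMPLE = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    + struct.pack("<HHI", 2, 0x3E, 1) + bytes(40)
    + b"GET /status HTTP/1.1\x00/etc/app.conf\x00libc.so.6\x00abc\x00"
)

if __name__ == "__main__":
    print(survey(SAMPLE))
```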
Quality Criteria
- Accuracy: Correct identification of functionality
- Completeness: Cover all key aspects
- Clarity: Clear explanations of behavior
- Actionability: Highlight areas needing review
See Also
- patterns.md - Detailed analysis patterns and techniques
- examples.md - Example analysis cases and output formats
- references.md - Tools and best practices