CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2024/2025

Reverse Engineering

Code: NI-REV
Completion: Z,ZK
Credits: 5
Range: 1P+2C
Language: Czech
Course guarantor:
Josef Kokeš
Lecturer:
Josef Kokeš
Tutor:
Josef Kokeš
Supervisor:
Department of Information Security
Synopsis:

Students will get acquainted with the essentials of reverse engineering of computer software. They will learn how processes start and what happens before and after the main function is called. Students will understand how executable files are organized and how they interact with third-party libraries. Another part of the course is dedicated to reverse engineering of applications written in C++. Students will also understand the principles of disassemblers and obfuscation techniques. A part of the course will also be dedicated to debuggers: how debuggers and debugging work and which methods can be used to detect debugging. One of the lectures will be dedicated to the latest trends on the computer malware scene. The focus of the course is on the seminars, where students will solve practically oriented real-world tasks.

Requirements:

Very good knowledge of C, C++. Basic knowledge of programming in assembler/machine code.

Syllabus of lectures:

1. Introduction to reverse engineering

2. Analysis of a program's flow

3. Analysis of C++ classes

4. Disassembling and obfuscation

5. Compiler recognition

6. Debugging and anti-debugging

7. Reverse analysis of malware

Syllabus of tutorials:

1. Introduction to debuggers and assembler

2. Basic function analysis, stack frame

3. Reverse engineering tools

4. PE file structure, Import Address Table

5. Type information analysis

6. 64-bit code

7. Code injection

8. Analysis of obfuscated programs

9. Advanced obfuscation techniques

10. Reconstruction of packed files

11. Anti-debugging

12. Analysis of high-level languages

Study Objective:

After completing the course, the student will be able to independently perform reverse analyses of binary executable files on the MS Windows platform, including analyzing obfuscated files (i.e. malware).

Study materials:

[1] Eilam, E.: Reversing: Secrets of Reverse Engineering. Wiley. 2005. 987-0-7645-7481-8.

[2] Eagle, C.: The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler. No Starch Press. 2011. 987-1-59327-289-0.

[3] Seacord, R. C.: Secure Coding in C and C++. Software Engineering Institute, Carnegie Mellon University. 2013. 987-0-321-82213-0.

[4] Russinovich M. - Solomon D. A. - Ionescu A.: Windows Internals Part 1. Microsoft Press. 2012. 987-0-7356-4873-9.

[5] Russinovich M. - Solomon D. A. - Ionescu A.: Windows Internals Part 2. Microsoft Press. 2012. 987-0-7356-6587-3.

Note:
Further information:
https://courses.fit.cvut.cz/NI-REV/
Time-table for winter semester 2024/2025:
Thu 11:00–12:30, odd week: room TH:A-s134, Kokeš J. (lecture parallel1), Thákurova 7 (FSv building)
Thu 14:30–16:00: room T9:345, Kokeš J. (lecture parallel1, parallel nr.101), Dejvice
Thu 16:15–17:45: room T9:345, Kokeš J. (lecture parallel1, parallel nr.102), Dejvice
Thu 18:00–19:30: room T9:345, Kokeš J. (lecture parallel1, parallel nr.103), Dejvice
Time-table for summer semester 2024/2025:
Time-table is not available yet
The course is a part of the following study plans:
Data valid to 2024-12-12
For updated information see http://bilakniha.cvut.cz/en/predmet6114106.html