Chapter 16 PC program hacking

Once more this is a section that is both worthy and has documents far longer than this one on just individual things. Much of what has been said thus far applies as file formats both custom and common are used, compression is used and assembly, albeit now x86 and x64, is back on the cards but there are quite large differences as well as the PC whatever OS you use has a security system and several fairly complex methods of working, encryption (usually bad and closer to obfuscation, which is another popular thing to do, and as such able to be defeated) is popular and more importantly the languages used and APIs available are far more extensive.

Speaking of security this section will not cover some of the higher level aspects of defeating protection as they can get quite involved and the field is quite fast moving not to mention if you understood the idea behind some of the defeating protection methods (with the additional note that some modern PC programs can and do fetch actual useful pieces of code from the internet/networks) and how to work around obfuscation (one neat trick is to optimise the program) you are better off venturing out into the internet and watching conference videos. Equally this section will not really be covering anything on hacking programs in an attempt to wrest control of the computer into the hands of an attacker (again see conference videos and elsewhere on the internet) or really anything on cheating (it works much the same on any system). Basically this section will be on pure functional reverse engineering of programs where no or minimal attempts to prevent it exist.

Despite the differences there are several big advantages

PC programs in many ways are able to be debugged far more easily than many of the systems ROM hackers will be looking at (although emulators count for a lot here).

PC programs quite commonly use high level languages that frequently allow for decompilation and/or massive simplification for the reverse engineer.

It should also be noted sometimes full reverse engineering is not required and instead just how the functions are called in a program (many programs are just frontends for custom DLL files).

Executable packing and encryption Although you can always use a disassembler, of which there are several available with the standard tool being IDA (as far as X86 is concerned there is a paid version and a freeware version that is usually just the paid version but several versions back), many computer programs will have packed executables and/or use encryption as well as obfuscation. To this end although you can simply feed a diassembler something if it is packed or encrypted and only rendered into “plain” at runtime you will just get out gibberish.