The objective of the Windows basics section is to apply reverse engineering concepts to Windows applications. You will learn to use Ghidra and WinDbg to reverse the logic of the provided crackmes and determine the password each application expects. This section also teaches how to patch the executables so that the applications behave differently.


What will you learn?

  • Familiarizing yourself with Ghidra and WinDbg for analyzing an application

  • Learning to analyze assembly instructions and decompiled code

  • Learning static and dynamic analysis of an application using WinDbg


References:


  1. Reverse Engineering Win32 Applications (https://www.pentesteracademy.com/course?id=41)

  2. WinDbg Fundamentals: User Mode (https://www.pentesteracademy.com/course?id=52)

  3. Exploiting Simple Buffer Overflows on Win32 (https://www.pentesteracademy.com/course?id=13)


Labs:


  • Hardcoded String
    Learn to analyze an application using Ghidra to determine the password expected by the application. Then, use the learnings from Ghidra and perform dynamic analysis of the application using WinDbg. Also, learn to patch the application using Ghidra so that the application can accept any password.


  • Hardcoded Wide String
    Learn to analyze an application using Ghidra to determine the password expected by the application. Then, use the learnings from Ghidra and perform dynamic analysis of the application using WinDbg. Also, learn to patch the application using Ghidra so that the application can accept any password.


  • Memory Inspector
    Learn to analyze an application using Ghidra to determine its logic. Then, use the learnings from Ghidra and perform dynamic analysis of the application using WinDbg to determine the correct password that gets decoded at the application runtime and is available in its memory. Also, learn to patch the application using Ghidra so that the application can accept any password.

  • Character Matching
    Learn to analyze an application using Ghidra to determine its logic and reverse engineer it to determine the correct password expected by the application. Then, use the learnings from Ghidra and perform dynamic analysis of the application using WinDbg to verify the correctness of the password recovered during analysis with Ghidra. Also, learn to patch the application using Ghidra so that the application can accept any password.
