Instrument and Patch Your Way to Binary Enlightenment

Learn how to crack, reverse engineer, and analyze malware using dynamic binary instrumentation and patching, with Windows 64-bit API calls and binaries as the working examples.

Dennis Chow
Published in The Startup
21 min read · Aug 1, 2020

Welcome to my guide on dynamic binary instrumentation (DBI). In this article, we’re going to learn how general binary analysis methods have evolved and how to perform some of the common routines used by security researchers. DBI in itself is a powerful way to gain visibility into, modify the behavior of, and fuzz closed-source binaries without having to recompile or run the original code itself. In fact, there are use cases where engineers have optimized code performance by using instrumentation. If you’ve ever heard of “hot patching” or “function hooking,” that’s exactly what DBI does.

After reading this article, you should be able to:

  • Understand the common methodologies for binary analysis and their differences
  • Understand how dynamic binary instrumentation (DBI) works
  • Examine static file properties
  • Use debuggers for “cracking” or patching a portable executable (PE)
  • Use DBI frameworks to modify an application’s behavior with injected hooks

Analysis Methods

When you analyze malware, or binaries in general, you have to keep in mind that it is an iterative process and…


Security Practitioner and Veteran | GSE #288, GXPN, GREM *Opinions are my own. Looking for code only? https://github.com/dc401/