I tried reversing a medium-complexity program, but after a long time of digging through seemingly nonsensical data structures, it seemed very clear to me that it was a C++ program and the pointery mess I was seeing was likely a result of classes and inheritance.

Has Ghidra gotten better at dealing with those, and is there a good tutorial on how best to handle it?
If you haven’t tried it already, Compiler Explorer (https://godbolt.org/) is a great way to “cheat” at learning reverse engineering. Why? Because you can control what the C code looks like, and it’ll show you the assembly to compare. Eventually you’ll get a feel for how compilers generate code for various operations.
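As an added illustration of the two comments above (not code from the thread or from Ghidra), here is the plain-C shape of what a compiler emits for a small C++ class hierarchy: a hidden vtable pointer at offset 0, the base subobject embedded at the start of the derived object, and a virtual call as a double indirection. The type and function names are made up for the example; pasting it into Compiler Explorer shows the same load-load-call pattern the disassembler presents.

```c
#include <stdio.h>

/* Hand-rolled C equivalent of what a C++ compiler emits for:
 *   struct Shape { virtual int area() const = 0; int id; };
 *   struct Rect : Shape { int w, h; int area() const override; };
 * Constructed illustration of the usual layout, not any specific ABI's text. */
typedef struct Shape Shape;

/* One table of function pointers per class, shared by every instance.
 * In a disassembler it appears as a global array of code pointers. */
typedef struct {
    int (*area)(const Shape *self);
} ShapeVtable;

/* Every polymorphic object starts with a hidden pointer to its vtable. */
struct Shape {
    const ShapeVtable *vptr;   /* offset 0 */
    int id;
};

/* Single inheritance: the base subobject sits at offset 0, so a Rect*
 * is usable as a Shape* with no pointer adjustment. */
typedef struct {
    Shape base;
    int w, h;
} Rect;

static int rect_area(const Shape *self) {
    const Rect *r = (const Rect *)self;   /* same address, wider view */
    return r->w * r->h;
}

static const ShapeVtable rect_vtable = { rect_area };

Rect rect_new(int id, int w, int h) {
    Rect r;
    r.base.vptr = &rect_vtable;   /* first thing a C++ constructor does */
    r.base.id = id;
    r.w = w;
    r.h = h;
    return r;
}

/* A virtual call as it reads in assembly: load vptr from the object,
 * load the slot, call through it with `this` as the first argument. */
int shape_area(const Shape *s) {
    return s->vptr->area(s);
}

int main(void) { Rect r = rect_new(1, 3, 4); printf("area=%d\n", shape_area(&r.base)); return 0; }
```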
I just for the life of me don't think I'd ever be able to understand the x86 instruction set and truly get into reverse engineering. Most REs I've known have seemingly had immeasurably deep knowledge about everything from the x86 platform to OS APIs and their weird quirks (looking at you, Windows).
Could someone add some references to more advanced reverse engineering resources? I was sold a bot that was closed source and ran it in a VM and then recompiled it using Ghidra. It ended up being malware because it tried to execute a function called sendToEmail() which basically just sent decrypted wallet info to the malware writer's email address (hardcoded, of course).

I wasn't able to arrive at this conclusion by reverse engineering the code - it only happened to crash suddenly when it started to execute the sendToEmail() function. (Lucky me!)
This is an excellent article with great simple tips, like highlighting most Calculator apps' hex mode and the mile-counter analogy. Great work by the author.