It is very useful to know what assembly code you get when you compile different operators, data structures and other language constructs. I do not include that here to avoid overloading the article with technical details, but it is a good way to start learning C reverse engineering, for example: compile a small program, disassemble it, and match each construct to the instruction pattern it produced.
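As an added example (not code from the original article), here is a small C file that exercises the constructs worth studying first: a branch, a counted loop, a dense switch and struct field access. The struct layout, the magic value and all function names are constructed for illustration; the comments describe the x86-64 patterns GCC typically emits at -O0, which is the shape you should expect to recognize when you open the compiled object in a disassembler.

```c
/* Added example, not part of the original article.
 * Build and inspect with, for example:
 *   gcc -O0 -fno-asynchronous-unwind-tables -S constructs.c   (AT&T syntax .s)
 *   gcc -O0 -masm=intel -S constructs.c                        (Intel syntax .s)
 *   gcc -O0 -c constructs.c && objdump -d -M intel constructs.o
 * The comments describe what GCC typically emits for x86-64 at -O0;
 * other compilers and optimization levels reshape the code considerably.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: the field offsets are what you will recover from
 * the displacements used in the load instructions (see packet_is_valid). */
struct packet {
    uint32_t magic;   /* offset 0 */
    uint16_t type;    /* offset 4 */
    uint16_t length;  /* offset 6 */
    uint8_t  body[8]; /* offset 8 */
};

/* if/else: a cmp followed by a conditional jump that skips the body.
 * The jump condition is the negation of the source condition, so
 * "if (v < lo)" shows up as cmp + jge over the "return lo" block. */
int clamp(int v, int lo, int hi)
{
    if (v < lo) return lo;
    if (v > hi) return hi;
    return v;
}

/* Counted loop: at -O0 the counter and accumulator live in stack slots
 * ([rbp-N]); GCC jumps straight to the condition check at the bottom,
 * and the body is entered by a backward conditional jump (jb/jl). */
uint32_t checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (sum << 1) ^ buf[i];   /* shl eax,1 ; xor eax, <byte load> */
    return sum;
}

/* Dense switch over contiguous values: compilers usually emit a bounds
 * check (cmp + ja to default) followed by an indirect jmp through a
 * table of code addresses. A sparse switch becomes a cmp/jcc ladder. */
const char *type_name(uint16_t type)
{
    switch (type) {
    case 0: return "hello";
    case 1: return "data";
    case 2: return "ack";
    case 3: return "close";
    case 4: return "reset";
    case 5: return "ping";
    default: return "unknown";
    }
}

/* Struct access: each field read is a load at a fixed displacement from
 * the base pointer, e.g. mov eax, DWORD PTR [rax] for .magic and
 * movzx eax, WORD PTR [rax+6] for .length. Collecting those
 * displacements and access widths is how the struct is rebuilt. */
int packet_is_valid(const struct packet *p)
{
    if (p->magic != 0x50414B54u)           /* constructed magic: 'TKAP' */
        return 0;
    return p->length <= sizeof p->body;    /* length is checked against the body */
}
```

Compile the file twice, once at -O0 and once at -O2, and diff the two listings: the stack-slot traffic disappears, the loop gets rotated, and the switch may be folded into a lookup from a string table, which is exactly the kind of compiler behaviour you need to recognize in real binaries.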
Tools to use for software reverse engineering
I recommend reading our article on software architecture research. There you will find descriptions of tools such as Process Monitor and Process Explorer, which are absolutely indispensable in the reverse engineering process.
I would like to add a few tools to that list. These tools are commonly used for Windows software reverse engineering (if you would like to learn about tools and details for other platforms, read our article on how to reverse engineer iOS software).
You will find more details and usage examples in our article on the best software reverse engineering tools.
What is a disassembler? It is a program that translates an executable file back into assembly language. The most popular disassembler is IDA Pro.
IDA Pro screen
It is certainly a very convenient and powerful disassembler. It has a huge number of features that let you solve the task much faster: it can show the function call tree, parse the executable's imports and exports and display the relevant information about them, and, with the Hex-Rays decompiler add-on, it can even present the code as C-like pseudocode, which makes life much easier for those who are not yet fluent in assembly.
All the tools from Sysinternals are useful in Windows software reverse engineering.
TCPView – shows every TCP and UDP endpoint in the system (local and remote address, port, connection state) together with the process that owns it. Note that it is not a packet sniffer: it lists endpoints and connections rather than capturing traffic, so pair it with a sniffer such as Wireshark when you need packet contents. Very good for finding out which process talks to which host while reversing network protocols.
TDIMon – similar to TCPView, but monitors operations at the TDI (socket) level. It has since been retired and is no longer distributed as part of the Sysinternals suite.
PortMon – system physical port monitor. It monitors serial and parallel ports and all traffic passing through them.
WinObj – shows all objects in the system as a hierarchical tree (the Object Manager namespace). It is useful when reversing an application that works with named synchronization primitives such as mutexes, semaphores and events, and also when reverse engineering kernel-mode drivers, since device objects, driver objects and symbolic links all appear there.