Reverse Engineering Manual & Lab

Step 0 · Orientation

Reverse Engineering Manual & Lab

Calm, guided workspace for static analysis.

This sidecar app keeps your RE flow organized: capture binary context, map IOCs, interpret imports, document functions, assess anti-analysis, and export findings.

Everything is client-side; localStorage holds your state.
Use alongside IDA/Ghidra/objdump/strings for quick triage.
Navigate via the workflow rail; completion dots mark progress.

1

Record Binary Metadata

Identity, platform, and packing signals.

2

Paste Strings Output

Classify URLs, IPs, paths, and indicators.

3

Paste Imports List

Map capabilities and plan the next dive.

7

Notebook & Export

Compile findings into a shareable report.

Step 1 · Context

Binary Overview & Metadata

Capture the who/what/where before deeper analysis.

Solid metadata speeds triage and reporting.

Binary Name *

SHA-256 Hash

File Type *

Architecture *

Compile Timestamp

Obfuscation/Packing Indicators

Suspected Packed Suspected Obfuscated

Tool Output

Step 2 · Strings & Indicators

Strings & IOC Explorer

Drop in your strings dump to triage URLs, IPs, paths, and suspicious hits.

Use after strings or static triage tools to surface quick leads.

Paste Strings Output

Upload File

Step 3 · Capabilities

Imports & API Usage

Classify API calls to understand capability footprint.

Paste import tables from IDA/Ghidra/pefile/objdump.

Paste Import Table / Function List

Step 4 · Functions & Flow

Control Flow & Function Notes

Document important routines and craft the narrative.

Pair roles/status tags with concise descriptions.

Add Function

Function Name *

Role/Category

Description/Notes *

Pseudo-code/Disassembly

Understanding Status

Understood Partially Understood Unknown/Suspicious

Working List

Documented Functions

Live

No functions documented yet. Add your first function above.

Overall Control Flow Narrative

High-Level Program Behavior

Step 5 · Resilience Checks

Anti-Analysis Indicators

Track signs of packing, obfuscation, and anti-RE techniques.

Use checklist + radar to grade evasion posture.

Indicator Checklist

Suspiciously Small Import Table

Very few imports may indicate dynamic loading or packing

High Entropy Sections

Compressed or encrypted data sections

Self-Modifying Code

Code that modifies itself at runtime

String Decryption Routines

Strings decoded at runtime to hide from static analysis

Anti-Debug API Calls

IsDebuggerPresent, CheckRemoteDebuggerPresent, etc.

Anti-VM Artifacts

Checks for VMware, VirtualBox, or other VM indicators

Timing Checks

GetTickCount, QueryPerformanceCounter for timing analysis

Confirmed Packed (UPX, etc.)

Known packer signature identified

Step 6 · Reporting

RE Notebook & Report Export

Pull everything together and export cleanly.

Refresh preview after edits. Export to share.

Final Summary / Assessment

Your Conclusion

Preview

Report Preview

Live

Click "Refresh Report" to generate a preview of your analysis report.

Step 7 · Notes

Disclaimer

Professional students already know the ground rules.

Keep operations lawful and contained.

This space intentionally minimal — operate responsibly and keep your lab isolated.

Reverse Engineering Lab