| name | assisting-reverse-engineering |
| description | Provides reverse engineering analysis support including function identification, data structure analysis, and behavior understanding. Use when analyzing unknown binaries, understanding program structure, or investigating binary behavior. |
Reverse Engineering Assistance
Analysis Workflow
- Initial survey: Get function list, extract strings, identify imports and exports, map binary structure
- Key function analysis: Decompile main/entry functions, analyze control flow, identify critical operations, classify functions by purpose
- Data flow mapping: Trace data through functions, identify data structures, map global state, analyze stack layouts
- Behavior understanding: Identify protocol handlers, understand input/output patterns, map to known functionality, reconstruct high-level logic
Key Capabilities
- Function identification: entry points and main functions, common library functions, custom application logic, function classification
- Data structure analysis: strings and constants, data structures (structs, arrays), global variables, stack layouts
- Pattern recognition: common algorithms (sorting, hashing), protocol implementations, obfuscation techniques, anti-debugging code
- Code reconstruction: high-level logic reconstruction, control flow patterns, error handling, mapping to source concepts
Output Format
Report with: binary_summary (type, architecture, language, compiler), key_functions (entry_points, protocol_handlers, utility_functions), data_structures, strings_of_interest, behavior_analysis (protocols, ports, functionality), recommendations.
Quality Criteria
- Accuracy: Correct identification of functionality
- Completeness: Cover all key aspects
- Clarity: Clear explanations of behavior
- Actionability: Highlight areas needing review
See Also
patterns.md- Detailed analysis patterns and techniquesexamples.md- Example analysis cases and output formatsreferences.md- Tools and best practices