Black Hat Briefings, Usa 2007 [audio] Presentations From The Security Conference.

Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, as a machine, can be understood by active observation, as opposed to static decompilation and prediction. In other words, you can reverse engineer software by using it, as opposed to reading code. Code is nothing more than an abstraction of runtime states. When software operates it reverse engineers itself by design, exposing its conceptual abstraction to the CPU and memory. The problem is that computers only need to know about what the current state is, and because of that, they discard this veritable treasure trove of information. Observation of software behavior provides no less data than static reverse engineering, and in fact provides a great deal more infor