Application Analysis and Reverse Engineering

October 27, 2015 | Views: 2222

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here


First, I’ll begin with the basics. Most applications consist of a Graphical User Interface or GUI, Middle-ware and or integrated logic and a database. These are the key components to being able to understand any application and how it functions. These components also can be combined on either a single workstation/server or split up in to two groups.

The first group would be the thick client where the GUI and middle-ware are located on the workstation and the database located on the server side (this is a very basic explanation). The second group would be the thin client configuration, where the GUI resides on the workstation and middle-ware/database can exist on one or many servers.



To understand the middle-ware, you must figure out the GUI and Database structure. Most of the time, the GUI will give you a very good idea of what the tables and rows in the database will consist of. The link the GUI makes with the server will give you the IP of the middle-ware/database server. If that link is web-based, a reverse lookup of the URL used to access the GUI will direct you to the correct IP. If the link is Thick client-based, there will usually be a config.ini file that will give you a lot of useful information.

Sometimes, there will be multiple config.ini files based on running middle-ware (a.k.a Modules). You may also do a net-stat at the command line. Close the application we’re engineering and run net-stat – then re-launch the application. After re-launch of application, open a new command prompt and run net-stat again. Compare the before and after results and you have your data links in question. During the analysis stages, you’ll need to think about gaining access to the database.

If you don’t know the credentials to access the database, they can be found in a place most people don’t look: backup scripts, backup.bat, backup.cmd or backup software. I usually go to the Task Manager on the servers to find scheduled backups. The properties of the task will lead you to the script. The script usually will have the login credentials to access the database being backed up.



The middle-ware is where the data conversion and routing takes place. Middle-ware is a very large subject and cannot be explained in one paragraph. There are many types of middle-ware that consist of Modules, Message bus, conversion tools and other types of logic. Once you understand what the different types of middle-ware do, you’ll then be able to easily map out a data-flow diagram to research for a more secure application as a whole.

Data manipulation that happens at this level usually is not encrypted and is easily grabbed from the working directory. Another very good tool for analyzing middle-ware is the tail software or command line. Using tail to monitor log files will give you a wealth of information about the type of data that is being manipulated and where the data routes to.


This was a very quick overview of a few techniques I use to resolve a lot of issues when thrown into a non – familiar application analysis project. I may continue this if enough requests are received. Please feel free to message me with any questions and I will answer them accordingly.

– Thank you –

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. i really love this i hope we learn more and be able to help in any part. keep it up we are behind u and we shall give 100% cooperation

    • Thank you very much. Cyber Security is a collaboration of all aspects of the Information Technology framework. My intentions are to introduce application vulnerabilities to students. Real world research and data analysis.

  2. Starting out i would suggest either downloading a client/server application and learn the basics of that application, such as what programming language it was written in. Understand the basics of how programs work with each other to generate a desired result. Most of the time the Middle-ware will either use the native directory to manipulate the data but sometimes will also use windows temp directory. The Client side and database side are pretty straight forward but the Middle-Ware will be where i would focus. Any good programmer will have a log directory that will retain routing info, conversion info, and even some confidential info. I work with alot of high end applications and for support reasons i have to jump in and figure out where the data has become corrupt or stalled. APIs or Application programming interfaces would be another great subject to delve into. As i can think of more i will update.

  3. I am brand new to anything programming related. I think I grab the basic ideas you laid out and would love more in depth information. Where would you suggest

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?