Source Code Recovery
- Focus on Java and .NET due to their role in enterprise web applications.
- Tools for decompilation:
  - .NET: dnSpy, used for decompiling and debugging.
  - Java: JD-GUI, for decompiling .class files from .jar archives.
Decompilation and Code Modification
- An example C# application is compiled, decompiled, modified, and recompiled.
- Cross-referencing is essential for understanding application flow and logic.
Source Code Analysis
- Manual analysis is irreplaceable for identifying complex code paths and vulnerabilities.
- Consider automated tools for identifying straightforward vulnerabilities.
- Tips for effective analysis:
  - Enable database query logging.
  - Use debug print statements.
  - Attempt live debugging of the target application.
  - Focus on less-attended application areas.
  - Review user input sanitization mechanisms.
Exercises and Practical Application
- Exercises encourage practice with the tools and techniques discussed.
- Practicing on the provided lab environments is suggested, to solidify understanding of source code recovery and analysis.