{"id":48540720,"url":"https://github.com/ndxdeveloper/reverse-engineering-gcc-gpp-training","last_synced_at":"2026-04-08T04:03:06.448Z","repository":{"id":349802454,"uuid":"1203952408","full_name":"NDXDeveloper/reverse-engineering-gcc-gpp-training","owner":"NDXDeveloper","description":"Complete Reverse Engineering training for ELF binaries (GCC/G++): 36 chapters, from x86-64 assembly to malware analysis. Bonus .NET, Rust, Go. Reverse Engineering course: ELF binaries, GCC, Ghidra, GDB, Frida, angr, YARA, ImHex. 36 chapters + solutions included. EN","archived":false,"fork":false,"pushed_at":"2026-04-07T17:23:50.000Z","size":1210,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-07T17:26:52.974Z","etag":null,"topics":["angr","assembly","binary-analysis","course","ctf","cybersecurity","elf","frida","gcc","gdb","ghidra","imhex","linux","malware-analysis","pwntools","reverse-engineering","tutorial","x86-64","yara"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NDXDeveloper.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-07T14:46:26.000Z","updated_at":"2026-04-07T17:23:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/NDXDeveloper/reverse-engineering-gcc-gpp-training","commit_stats":null,"previous_names":["ndxdeveloper/reverse-engineering-gcc-gpp-training"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/NDXDeveloper/reverse-engineering-gcc-gpp-training","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NDXDeveloper%2Freverse-engineering-gcc-gpp-training","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NDXDeveloper%2Freverse-engineering-gcc-gpp-training/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NDXDeveloper%2Freverse-engineering-gcc-gpp-training/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NDXDeveloper%2Freverse-engineering-gcc-gpp-training/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NDXDeveloper","download_url":"https://codeload.github.com/NDXDeveloper/reverse-engineering-gcc-gpp-training/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NDXDeveloper%2Freverse-engineering-gcc-gpp-training/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31539232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"online","status_checked_at":"2026-04-08T02:00:06.127Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angr","assembly","binary-analysis","course","ctf","cybersecurity","elf","frida","gcc","gdb","ghidra","imhex","linux","malware-analysis","pwntools","reverse-engineering","tutorial","x86-64","yara"],"created_at":"2026-04-08T04:03:00.929Z","updated_at":"2026-04-08T04:03:06.441Z","avatar_url":"https://github.com/NDXDeveloper.png","language":"Shell","readme":"# Reverse Engineering Training — GNU Toolchain (GCC/G++)\n\n\u003e **This content is strictly educational and ethical.** \n\u003e See [LICENSE](/LICENSE) for the full terms of use.\n\nComprehensive training on the **Reverse Engineering** of native binaries compiled with the GNU toolchain (GCC/G++), enriched with bonus modules on **.NET/C#**, **Rust**, and **Go** binaries.\n\n**36 chapters** · **9 parts** · **~120 hours** of content · **20+ training binaries** · **Checkpoints with solutions**\n\n---\n\n## 🎯 Objectives\n\nBy the end of this training, you will be able to:\n\n- Understand the internal structure of an ELF binary produced by GCC/G++ \n- Conduct a complete static analysis (disassembly, decompilation, hex inspection, diffing) \n- Conduct dynamic analysis (GDB debugging, Frida hooking, AFL++ fuzzing, angr/Z3 symbolic execution) \n- Reverse complex C++ (vtables, RTTI, name mangling, STL, templates, smart pointers) \n- Identify and bypass common protections (ASLR, PIE, canaries, RELRO, UPX, obfuscation) \n- Analyze malicious code in an isolated environment (ransomware, dropper, packing) \n- Apply these techniques to .NET/C# binaries (dnSpy, ILSpy, Frida-CLR) \n- Approach the RE of Rust and Go binaries (name mangling, runtime, specific structures) \n- Automate your RE workflows (Python scripts, Ghidra headless, YARA rules, CI/CD pipelines)\n\n---\n\n## 👥 Target audience\n\n| Profile | Prerequisites | \n|:---|:---| \n| C/C++ developer wanting to understand their binaries | C/C++ basics | \n| .NET/C# developer curious about RE | C# basics + notions of compilation | \n| Rust/Go developer facing RE | Language basics + ELF notions | \n| Cybersecurity student | Linux basics + command line | \n| Beginner/intermediate CTF participant | No RE prerequisites |\n\n---\n\n## 📦 Repository structure\n\n```\nreverse-engineering-gcc-gpp-training/\n├── README.md ← This file\n├── TABLE-OF-CONTENTS.md ← Detailed table of contents (36 chapters)\n├── LICENSE ← MIT + ethical disclaimer\n├── check_env.sh ← Environment verification script\n│\n├── preface.md ← Tutorial preface\n├── part-1-fundamentals.md ← Part I introduction\n├── part-2-static-analysis.md ← Part II introduction\n├── ... ← (one intro page per part)\n├── part-9-resources.md ← Part IX introduction\n│\n├── 01-introduction-re/ ← Chapter 1 — Introduction to RE\n│ ├── README.md\n│ ├── 01-definition-objectives.md\n│ ├── ...\n│ └── checkpoint.md\n├── 02-gnu-compilation-chain/ ← Chapter 2 — GNU Compilation Chain\n├── ... ← Chapters 3 through 36 (same structure)\n├── 36-resources-further-learning/ ← Chapter 36 — Resources for further learning\n│\n├── appendices/ ← Appendices A through K\n│ ├── README.md\n│ └── ...\n│\n├── binaries/ ← All training binaries\n│ ├── Makefile ← `make all` to recompile everything\n│ ├── ch05-keygenme/ ← Chapters 5–6 (triage, ImHex)\n│ ├── ch06-fileformat/\n│ ├── ch08-oop/\n│ ├── ch16-optimisations/ ← Chapter 16 (GCC optimizations)\n│ ├── ch17-oop/ ← Chapter 17 (C++ RE)\n│ ├── ch20-keygenme/ ← Chapter 20 (decompilation)\n│ ├── ch20-network/\n│ ├── ch20-oop/\n│ ├── ch21-keygenme/ ← Chapter 21 (keygenme practical case)\n│ ├── ch22-oop/ ← Chapter 22 (OOP + plugins practical case)\n│ ├── ch23-network/ ← Chapter 23 (network practical case)\n│ ├── ch24-crypto/ ← Chapter 24 (crypto practical case)\n│ ├── ch25-fileformat/ ← Chapter 25 (file format practical case)\n│ ├── ch27-ransomware/ ← ⚠️ Sandbox only\n│ ├── ch28-dropper/ ← ⚠️ Sandbox only\n│ ├── ch29-packed/ ← Chapter 29 (packing/unpacking)\n│ ├── ch32-dotnet/ ← Chapter 32 (.NET LicenseChecker)\n│ ├── ch33-rust/ ← Chapter 33 (Rust crackme)\n│ └── ch34-go/ ← Chapter 34 (Go crackme)\n│\n├── scripts/ ← Python utility scripts\n│ ├── triage.py ← Automatic binary triage\n│ ├── keygen_template.py ← pwntools keygen template\n│ └── batch_analyze.py ← Ghidra headless batch analysis\n│\n├── hexpat/ ← ImHex patterns (.hexpat)\n│ ├── elf_header.hexpat ← Generic ELF header\n│ ├── ch06_fileformat.hexpat ← CDB format (chapter 6)\n│ ├── ch23_protocol.hexpat ← ch23 network protocol\n│ ├── ch24_crypt24.hexpat ← CRYPT24 format (chapter 24)\n│ └── ch25_fileformat.hexpat ← CFR format (chapter 25)\n│\n├── yara-rules/ ← YARA rules\n│ ├── crypto_constants.yar ← Crypto constants detection (AES, SHA, MD5…)\n│ └── packer_signatures.yar ← Packer signatures (UPX…)\n│\n└── solutions/ ← Checkpoint solutions (⚠️ spoilers)\n ├── ch01-checkpoint-solution.md\n ├── ch02-checkpoint-solution.md\n ├── ...\n ├── ch21-checkpoint-keygen.py\n ├── ch22-checkpoint-plugin.cpp\n ├── ch23-checkpoint-client.py\n ├── ch24-checkpoint-decrypt.py\n ├── ch25-checkpoint-parser.py\n ├── ch25-checkpoint-solution.hexpat\n ├── ch27-checkpoint-decryptor.py\n ├── ch28-checkpoint-fake-c2.py\n ├── ch34-checkpoint-solution.md\n └── ch35-checkpoint-batch.py\n```\n\n---\n\n## 🛠️ Tools used\n\n### Static analysis\n\n| Tool | Role | Free | \n|:---|:---|:---:| \n| `readelf`, `objdump`, `nm` | ELF / Binutils inspection | ✅ | \n| `checksec` | Protection inventory | ✅ | \n| `strace` / `ltrace` | System and library calls | ✅ | \n| **ImHex** | Advanced hex editor + `.hexpat` patterns + YARA | ✅ | \n| **Ghidra** | Disassembler / decompiler (NSA) | ✅ | \n| **Radare2 / Cutter** | CLI + GUI analysis (based on Rizin) | ✅ | \n| IDA Free | Reference disassembler (free version) | ✅ | \n| Binary Ninja Cloud | Modern disassembler (free cloud version) | ✅ | \n| **BinDiff** / Diaphora | Binary diffing | ✅ | \n| **RetDec** | Offline static decompiler (CLI) | ✅ |\n\n### Dynamic analysis\n\n| Tool | Role | Free | \n|:---|:---|:---:| \n| **GDB** + GEF / pwndbg / PEDA | Enhanced native debugging | ✅ | \n| **Frida** | Dynamic instrumentation + hooking | ✅ | \n| `pwntools` | Scripting interactions with a binary | ✅ | \n| Valgrind / ASan / UBSan / MSan | Memory and runtime behavior analysis | ✅ | \n| **AFL++** / libFuzzer | Coverage-guided fuzzing | ✅ | \n| **angr** | Symbolic execution | ✅ | \n| **Z3** | Constraint solver (SMT) | ✅ |\n\n### .NET / C# reversing\n\n| Tool | Role | Free | \n|:---|:---|:---:| \n| **dnSpy / dnSpyEx** | Integrated .NET decompilation + debugging | ✅ | \n| **ILSpy** | Open source C# decompilation | ✅ | \n| dotPeek | JetBrains decompilation | ✅ | \n| de4dot | .NET assembly deobfuscation | ✅ | \n| Frida-CLR | .NET method hooking | ✅ |\n\n---\n\n## 🚀 Quick start\n\n### 1. Clone the repository\n\n```bash\ngit clone https://github.com/NDXDeveloper/reverse-engineering-gcc-gpp-training.git \ncd reverse-engineering-gcc-gpp-training \n```\n\n### 2. Install essential dependencies (Debian/Ubuntu/Kali)\n\n```bash\nsudo apt update \u0026\u0026 sudo apt install -y \\\n gcc g++ make gdb ltrace strace binutils \\\n bsdextrautils checksec valgrind python3-pip binwalk\n\npip3 install pwntools pyelftools lief frida-tools angr\n\n# AFL++\nsudo apt install -y afl++\n```\n\n\u003e 💡 For Ghidra, ImHex, and GUI tools, see **[Chapter 4](/04-work-environment/README.md)**, which details the installation step by step.\n\n### 3. Verify the environment\n\n```bash\nchmod +x check_env.sh\n./check_env.sh\n```\n\nThis script verifies that all required tools are installed and functional.\n\n### 4. Compile all training binaries\n\n```bash\ncd binaries/ \nmake all \n```\n\nEach chapter's `Makefile` produces several variants:\n\n```\n*_O0 ← no optimization, with symbols (-O0 -g)\n*_O2 ← -O2 optimized, with symbols\n*_O3 ← -O3 optimized, with symbols\n*_strip ← stripped (no symbols, -O0 -s)\n*_O2_strip ← optimized + stripped (most realistic case)\n```\n\n### 5. Start the training\n\n```bash\n# Open the detailed table of contents\nxdg-open TABLE-OF-CONTENTS.md\n```\n\nOr start directly with **[Chapter 1 — What is RE?](/01-introduction-re/README.md)**\n\n---\n\n## ⚠️ Warning — Part VI (Malware)\n\nThe binaries of chapters 27 and 28 (`ch27-ransomware/`, `ch28-dropper/`) are **intentionally limited educational prototypes**:\n\n- The ransomware encrypts only `/tmp/test/` with a hardcoded AES key \n- The dropper only communicates with `127.0.0.1:4444`, without persistence \n- **Never compile or run them outside a snapshotted VM isolated from the network**\n\n**[Chapter 26](/26-secure-lab/README.md)** details the setup of the secure lab — it must be completed before any work on chapters 27-29.\n\n---\n\n## 📚 Table of contents\n\n| Part | Content | Chapters | \n|:---|:---|:---:| \n| **[I](/part-1-fundamentals.md)** — Fundamentals | Intro RE, GNU toolchain, x86-64 assembly, environment | 1 – 4 | \n| **[II](/part-2-static-analysis.md)** — Static Analysis | Binutils, ImHex, objdump, Ghidra, IDA, Radare2, Binary Ninja, diffing | 5 – 10 | \n| **[III](/part-3-dynamic-analysis.md)** — Dynamic Analysis | GDB, GEF/pwndbg, Frida, Valgrind/Sanitizers, AFL++/libFuzzer | 11 – 15 | \n| **[IV](/part-4-advanced-techniques.md)** — Advanced Techniques | GCC optimizations, C++ RE, symbolic execution, anti-reversing, decompilation | 16 – 20 | \n| **[V](/part-5-practical-cases.md)** — Practical Cases | Keygenme, OOP + plugins, network, crypto, custom format | 21 – 25 | \n| **[VI](/part-6-malware.md)** — Malware (sandbox) | Secure lab, ransomware, dropper, unpacking | 26 – 29 | \n| **[VII](/part-7-dotnet.md)** — Bonus .NET/C# | .NET RE, ILSpy, dnSpy, Frida-CLR | 30 – 32 | \n| **[VIII](/part-8-rust-go.md)** — Bonus Rust \u0026 Go | Rust RE specifics, Go RE specifics | 33 – 34 | \n| **[IX](/part-9-resources.md)** — Resources | Scripting, automation, CTF, readings, certifications | 35 – 36 |\n\n➡️ **[Detailed table of contents (TABLE-OF-CONTENTS.md)](/TABLE-OF-CONTENTS.md)**\n\n---\n\n## 🧭 Recommended paths\n\nDepending on your profile, you can follow the training linearly or in a targeted way:\n\n| Goal | Suggested path | \n|:---|:---| \n| **Complete training** | Parts I → IX in order | \n| **Get started in RE quickly** | Chapters 1–5, then 11, then 21 (keygenme) | \n| **Prepare for CTFs** | Chapters 3, 5, 8, 11, 13, 18, 21 | \n| **Malware analysis** | Parts I–III, then Part VI directly | \n| **.NET / C# RE only** | Chapter 1, then Part VII | \n| **Rust / Go RE** | Chapters 1–5, 8, 11, then Part VIII |\n\n---\n\n## 🎯 Checkpoints\n\nEach chapter (or group of chapters) ends with a **checkpoint**: a practical exercise that validates what you have learned before moving on. Solutions are in `solutions/`.\n\n\u003e ⚠️ Always try to solve the checkpoint by yourself before consulting the solution.\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome:\n\n- Correcting technical or typographical errors \n- Adding variants of training binaries \n- Adding `.hexpat` patterns or YARA rules\n\nPlease open an **issue** before any major pull request.\n\n---\n\n## 📄 License\n\n[MIT](/LICENSE) — © 2025-2026 [Nicolas DEOUX / NDXDeveloper] \nThis content is strictly educational and ethical. See the [full disclaimer](/LICENSE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fndxdeveloper%2Freverse-engineering-gcc-gpp-training","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fndxdeveloper%2Freverse-engineering-gcc-gpp-training","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fndxdeveloper%2Freverse-engineering-gcc-gpp-training/lists"}