name: assisting-reverse-engineering description: Provides reverse engineering analysis support including function identification, data structure analysis, and behavior understanding. Use when analyzing unknown binaries, understanding program structure, or investigating binary behavior.

Reverse Engineering Assistance

Analysis Workflow

1. Initial survey: Get function list, extract strings, identify imports and exports, map binary structure
2. Key function analysis: Decompile main/entry functions, analyze control flow, identify critical operations, classify functions by purpose
3. Data flow mapping: Trace data through functions, identify data structures, map global state, analyze stack layouts
4. Behavior understanding: Identify protocol handlers, understand input/output patterns, map to known functionality, reconstruct high-level logic

Key Capabilities

• Function identification: entry points and main functions, common library functions, custom application logic, function classification
• Data structure analysis: strings and constants, data structures (structs, arrays), global variables, stack layouts
• Pattern recognition: common algorithms (sorting, hashing), protocol implementations, obfuscation techniques, anti-debugging code
• Code reconstruction: high-level logic reconstruction, control flow patterns, error handling, mapping to source concepts

Output Format

Report with: binary_summary (type, architecture, language, compiler), key_functions (entry_points, protocol_handlers, utility_functions), data_structures, strings_of_interest, behavior_analysis (protocols, ports, functionality), recommendations.

Quality Criteria

• Accuracy: Correct identification of functionality
• Completeness: Cover all key aspects
• Clarity: Clear explanations of behavior
• Actionability: Highlight areas needing review

See Also

• patterns.md - Detailed analysis patterns and techniques
• examples.md - Example analysis cases and output formats
• references.md - Tools and best practices