---
name: assisting-reverse-engineering
description: Provides reverse engineering analysis support including function identification, data structure analysis, and behavior understanding. Use when analyzing unknown binaries, understanding program structure, or investigating binary behavior.
---

# Reverse Engineering Assistance

## Analysis Workflow

1. **Initial survey**: Get function list, extract strings, identify imports and exports, map binary structure
2. **Key function analysis**: Decompile main/entry functions, analyze control flow, identify critical operations, classify functions by purpose
3. **Data flow mapping**: Trace data through functions, identify data structures, map global state, analyze stack layouts
4. **Behavior understanding**: Identify protocol handlers, understand input/output patterns, map to known functionality, reconstruct high-level logic

## Key Capabilities

- Function identification: entry points and main functions, common library functions, custom application logic, function classification
- Data structure analysis: strings and constants, data structures (structs, arrays), global variables, stack layouts
- Pattern recognition: common algorithms (sorting, hashing), protocol implementations, obfuscation techniques, anti-debugging code
- Code reconstruction: high-level logic reconstruction, control flow patterns, error handling, mapping to source concepts

## Output Format

Report with: binary_summary (type, architecture, language, compiler), key_functions (entry_points, protocol_handlers, utility_functions), data_structures, strings_of_interest, behavior_analysis (protocols, ports, functionality), recommendations.

## Quality Criteria

- **Accuracy**: Correct identification of functionality
- **Completeness**: Cover all key aspects
- **Clarity**: Clear explanations of behavior
- **Actionability**: Highlight areas needing review

## See Also

- `patterns.md` - Detailed analysis patterns and techniques
- `examples.md` - Example analysis cases and output formats
- `references.md` - Tools and best practices