From: Mark Doliner <mark@ki...> - 2004-05-03 02:07:22
I don't know of any documents suggesting methodologies for reverse
engineering. Generally you want to look for patterns ("every packet that
contains an error message starts with the bytes 0x0101") and cause and effect
relationships ("if I turn off file sharing then my computer sends this
packet"). And knowledge of other networking protocols usually helps a little
bit. People that write protocols like to borrow ideas from elsewhere (with
good reason). For example, when sending the string "meow," often the number 4
will be written to a stream followed by the actual string.
I guess you're probably looking for something more detailed than that. You
could always ask Microsoft :-)
O O Mark Doliner
\ | mark@...
\ | http://www.kingant.net
"There needs to be a better word for weird."
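
The length-prefix convention mentioned in the message above, as an added example that is not part of the original post: a heuristic scanner that walks a captured payload and reports every offset where an integer length field is followed by exactly that many printable bytes. The function name, the three field encodings tried, and the sample packet are assumptions constructed for illustration.

```python
def find_length_prefixed(buf, min_len=3):
    """Return (offset, field_kind, text) for each position in buf where a
    length field is immediately followed by that many printable ASCII bytes."""
    # Candidate encodings for the length field (an assumption; real protocols
    # may also use 32-bit fields, or lengths that include a trailing NUL).
    kinds = (("u8", 1, "big"), ("u16be", 2, "big"), ("u16le", 2, "little"))
    hits = []
    for off in range(len(buf)):
        for name, width, order in kinds:
            field = buf[off:off + width]
            if len(field) < width:
                continue  # not enough bytes left for this field size
            n = int.from_bytes(field, order)
            body = buf[off + width:off + width + n]
            # Require the full body to be present and printable; short
            # strings are skipped because they match by chance too often.
            if n >= min_len and len(body) == n and all(32 <= b < 127 for b in body):
                hits.append((off, name, body.decode("ascii")))
    return hits


# Constructed sample payload (not a real capture): a two-byte marker, the
# string "meow" behind a one-byte length, a second string behind a two-byte
# big-endian length, then two trailing bytes.
SAMPLE = b"\x01\x01" + b"\x04meow" + b"\x00\x09sharing=0" + b"\xff\xfe"

if __name__ == "__main__":
    for off, kind, text in find_length_prefixed(SAMPLE):
        print(f"offset {off:2d}  {kind:5s}  {text!r}")
```

The second string is reported twice, once as a 16-bit field at offset 7 and once as an 8-bit field at offset 8, because a big-endian length with a zero high byte is indistinguishable from a one-byte length preceded by a zero. Comparing several captures with strings of different lengths resolves which reading is correct.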