What is it? @.@

This is where I record tactics for wargames, systems, and other security issues.

2013-03-19

Notes for Code Analysis Process

Description:
  • In general, you will not have source code for a relatively unknown piece of malware, so you have to reverse engineer the executable itself with three types of tools: a string extractor (strings on Unix, BinText on Windows), a disassembler (IDA Pro), and a debugger (OllyDbg).

Steps:
  1. Take a look at embedded strings (BinText or strings)
  2. Examine program code using a disassembler (IDA Pro)
  3. Step through complicated code using a debugger (OllyDbg)

Tools or Tactics:
  1. Embedded strings (URLs, IP addresses, file paths, registry keys, imported API names) give a quick picture of what the program may do without reading any assembly. They are cheap for the author to obfuscate or decrypt at runtime, so treat what you find as hints to confirm in the disassembler, and their absence as a sign of packing or encoding rather than of harmlessness.
  2. IDA Pro is a powerful disassembler
    • Disassembles compiled executables into assembly instructions
    • Allows review of program code
    • Also includes a debugger
  3. Debuggers let you execute the malware under highly controlled conditions (always inside an isolated analysis VM, since the sample really runs), with the ability to step through the program as slowly as one instruction at a time.
    • Step through the code as it executes
    • Use breakpoints to interrupt program to examine specific workflow branches
    • Examine and manipulate runtime environment
    • OllyDbg is an excellent user-mode debugger for 32-bit Windows executables that happens to be free
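The first step above, string extraction, is easy to do badly: plain `strings` on Unix only reports single-byte runs by default and misses the UTF-16LE "Unicode" strings that Windows malware is full of (BinText shows both). The following is an added example written for these notes, not code from the original post or from either tool. It pulls both ASCII and UTF-16LE runs out of a byte blob with their offsets, then sorts the hits into the buckets an analyst looks at first. The byte blob, the API name list and the regular expressions are constructed for the example and deliberately small.

```python
"""Minimal BinText/strings-style extractor plus triage of the results."""
import re

# Assumed, deliberately short list of API names worth flagging.
# A real triage list would be much longer.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
    "URLDownloadToFileA", "InternetOpenA", "WinExec", "ShellExecuteA",
    "RegSetValueExA", "IsDebuggerPresent",
}

# Constructed sample blob standing in for a malware executable: a few
# header-like bytes, opaque code bytes, then ASCII and UTF-16LE strings.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x8b\xec\x83\xc4\xf0\xe8\x01\x02\x03\x04"
    + b"CreateRemoteThread\x00"
    + b"http://malware.example/gate.php\x00"
    + b"\xde\xad\xbe\xef" * 3
    + "C:\\Windows\\Temp\\svchost.exe\x00".encode("utf-16le")
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
    + b"\x00\x00"
    + b"192.168.10.25\x00"
)


def extract_strings(data, min_len=4):
    """Return (offset, encoding, text) for every printable run in `data`.

    ASCII runs are min_len or more bytes in 0x20..0x7e.  UTF-16LE runs are
    min_len or more printable-byte/NUL pairs, which is what `strings -e l`
    looks for and what plain `strings` silently misses.
    """
    found = []
    ascii_run = rb"[\x20-\x7e]{%d,}" % min_len
    wide_run = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    for m in re.finditer(ascii_run, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in re.finditer(wide_run, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    found.sort()  # present hits in file order regardless of encoding
    return found


def triage(strings):
    """Bucket extracted strings into the categories an analyst checks first."""
    rules = [
        ("url", re.compile(r"https?://\S+")),
        ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
        ("path", re.compile(r"^[A-Za-z]:\\")),
        ("registry", re.compile(r"^(?:HKLM|HKCU|Software)\\", re.IGNORECASE)),
    ]
    buckets = {"url": [], "ipv4": [], "path": [], "registry": [], "api": []}
    for _offset, _encoding, text in strings:
        if text in SUSPICIOUS_APIS:
            buckets["api"].append(text)
            continue
        for name, pattern in rules:
            if pattern.search(text):
                buckets[name].append(text)
                break  # first matching rule wins
    return buckets


if __name__ == "__main__":
    hits = extract_strings(SAMPLE)
    for offset, encoding, text in hits:
        print(f"{offset:#08x}  {encoding:8}  {text}")
    for bucket, items in triage(hits).items():
        print(f"{bucket:9} {items}")
```

Everything the triage step flags (a process-injection API, a beacon URL, a drop path, a Run key, a hard-coded address) is exactly the kind of lead to carry into step 2: find the cross-references to that string or import in IDA Pro and read the code around them. Run the script against a real sample by replacing `SAMPLE` with the file's bytes; packed samples will produce almost nothing, which is itself the finding.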
