
New to malware research...............

Hi All

I am new to malware research.
Can anyone suggest to me where I should start?
What are the common tools, and where can I download them, along with documentation?

Please help me with getting all of this.
Thanks and regards,
Hooker

Tools

For the basics you would need:

1) A disassembler. Personally I use ndisasm and some custom code for function recognition and symbol resolution. More and more people prefer IDA, however basically that's all it does.

2) A debugger. For win32 - WinDbg (what I use and like), OllyDbg (another popular one). For Unices - GDB. Some platforms have other debuggers, but most have pretty painful interfaces and command structures, except for Ladebug for Tru64, which rules.

3) Architecture reference manuals. Understand the architecture you are trying to reverse engineer.

4) A compiler. Understand how a compiler turns code into executables, for example, how it does function calls, stack allocation, memory management, etc.

5) Binary format specification. Handy to pick up the stuff IDA misses or if you are cheap like I am and want to do your own parser.

Guides:

Anyone know of good guides? I figure all the reverse engineering and cracking tutorials are about the same, at least from the Google search I just did. Seems security professionals have caught up to the warez kids in recent years, kudos.
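Point 5 above (reading the binary format specification and writing your own parser) is the part newcomers most often skip, so here is an added example that is not from the thread or from any of the tools it names. It walks the PE headers of a win32 executable the way the specification lays them out: DOS header, `PE\0\0` signature, COFF file header, the start of the optional header, and the section table. It then maps the entry-point RVA to a file offset (what you need before handing bytes to ndisasm) and lists sections that are both writable and executable, a common thing to check when triaging a sample. The PE bytes at the bottom are constructed in-line for the example and are not a real binary; the function names (`parse_pe`, `rva_to_offset`, `writable_executable_sections`, `build_sample_pe`) are this example's own.

```python
"""Minimal PE header parser (added example; sample bytes are constructed, not a real binary)."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # 'MZ' (little-endian)
IMAGE_NT_SIGNATURE = 0x00004550     # 'PE\0\0'
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


class PEError(ValueError):
    """Raised when the bytes do not form a structurally valid PE header."""


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header, optional header start and section table."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise PEError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]     # offset of 'PE\0\0'
    if e_lfanew + 24 > len(data):
        raise PEError("e_lfanew points outside the file")
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise PEError("missing PE signature")
    # COFF file header: 20 bytes directly after the signature
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 32 or opt_off + opt_size > len(data):
        raise PEError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:            # ImageBase is a 4-byte field at +28 (after BaseOfData)
        image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    elif magic == PE32PLUS_MAGIC:      # PE32+ drops BaseOfData; ImageBase is 8 bytes at +24
        image_base = struct.unpack_from("<Q", data, opt_off + 24)[0]
    else:
        raise PEError(f"unknown optional header magic 0x{magic:x}")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    sections = []
    sec_off = opt_off + opt_size        # section table follows the optional header
    for i in range(nsections):
        off = sec_off + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise PEError("section table truncated")
        (name, vsize, vaddr, rawsize, rawptr, _reloc, _lines,
         _nreloc, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr, "flags": flags})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "pe32plus": magic == PE32PLUS_MAGIC, "image_base": image_base,
            "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """Map an RVA to a file offset via the section table; None if it is not backed by file data."""
    for s in pe["sections"]:
        span = max(s["vsize"], s["rawsize"])
        if s["vaddr"] <= rva < s["vaddr"] + span:
            delta = rva - s["vaddr"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def writable_executable_sections(pe: dict) -> list:
    """Names of sections whose characteristics grant both write and execute."""
    both = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [s["name"] for s in pe["sections"] if (s["flags"] & both) == both]


def build_sample_pe() -> bytes:
    """Constructed three-section PE32 image (hypothetical; headers only, code bytes are filler)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)     # i386, 3 sections, EXE|32BIT
    # Optional header: magic, linker ver, SizeOfCode, SizeOfInitData, SizeOfUninitData,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase; padded to the usual 224 bytes
    opt = struct.pack("<HBBIIIIIII", PE32_MAGIC, 14, 0, 0x200, 0x400, 0,
                      0x1010, 0x1000, 0x2000, 0x400000)
    opt += b"\0" * (224 - len(opt))

    def sec(name, vaddr, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x100, vaddr, 0x200, rawptr, 0, 0, 0, 0, flags)

    table = (sec(b".text", 0x1000, 0x200, 0x60000020)
             + sec(b".data", 0x2000, 0x400, 0xC0000040)
             + sec(b".wx", 0x3000, 0x600, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | 0x20))
    headers = dos + b"PE\0\0" + coff + opt + table
    headers += b"\0" * (0x200 - len(headers))
    return headers + b"\xCC" * 0x600      # three 0x200-byte raw sections of int3 filler


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(f"entry RVA 0x{pe['entry_rva']:x} -> file offset 0x{rva_to_offset(pe, pe['entry_rva']):x}")
    print("W+X sections:", writable_executable_sections(pe))
```

The bounds checks before every `unpack_from` are the point of doing this by hand: a hostile `e_lfanew`, `SizeOfOptionalHeader` or `NumberOfSections` is exactly the kind of thing a loader tolerates and a naive parser crashes on, and seeing where each field sits is what lets you spot the things a disassembler silently skips.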