
Practical COM code reconstruction with IDA Pro (Movie tutorial)

Since more and more malware is using the COM interface, I thought it was time to write some reconstruction helpers and create a video tutorial on how to use them on real-life malware. You'll see how a complete function which uses the COM interface is translated into far more readable code than before. The code itself dumps the Windows Protected Storage to steal account data like member site passwords, Outlook Express accounts, autocomplete fields and so forth. The IDAPython scripts are indeed also available on my site.

Practical COM Code Reconstruction at Reconstructer.org

Enjoy,
Frank Boldewin

Nice work

Hi Frank.

Just to make it short: Really nice work.

Best regards,
Volker