Good resource for learning how to debug & reverse engineer?
- ConanTheLibrarian
- Posts: 56
- Joined: Mon Mar 15, 2010 1:12 am
- Location: USA
Good resource for learning how to debug & reverse engineer?
I am a malware remover working for a commercial company. I see new stuff all the time and figure out ways of removing malware online without going into any offline environment. However, I do not know how to debug or reverse engineer. I have no programming experience. Is there somewhere I can go or something I can read that will help educate me?
Re: Good resource for learning how to debug & reverse engine
http://forum.tuts4you.com/index.php is a good place for this - they have lots of tutorials, some with video, on how to learn to reverse-engineer. I would recommend you download some packers or malware, install them in a Virtual Machine, and then go ahead and try out debugging or unpacking. You should always do reverse-engineering in a Virtual Machine (VMware, Microsoft Virtual PC, etc.).
Thanks,
--AD
-
- Posts: 92
- Joined: Sun Mar 14, 2010 8:20 am
Re: Good resource for learning how to debug & reverse engine
Good point AD,
Furthermore, you can pick up some books on reverse engineering like "Reversing: Secrets of Reverse Engineering" and "IDA Pro book" from No Starch Press.
These can help you understand some concepts behind the operating system and give you a better understanding of the underlying architecture you're working on.
best regards,
-Genius
- Individuality
- GamingMasteR
- Global Moderator
- Posts: 228
- Joined: Sun Mar 07, 2010 10:52 am
Re: Good resource for learning how to debug & reverse engine
Hi,
For malware analysis I suggest you intensify your reading/practising on three fields:
- Unpacking & rebuilding executables memory dumps
- Obfuscated & virtualized binary code
- Anti-Xxx tricks (anti-debug/anti-trace/anti-blah blah)
You may also visit the woodmann & ARTeam forums:
woodmann.com
accessroot.com
Good luck,
GM
Re: Good resource for learning how to debug & reverse engine
Hi,
Without any intent of spam or self proclamation, I've done a good amount of Malware Analysis papers that you can reach here:
http://evilcry.netsons.org/mw.html
http://evilcodecave.blogspot.com/
Regards,
Giuseppe 'Evilcry' Bonfa
- Buster_BSA
- Posts: 390
- Joined: Mon Mar 22, 2010 6:42 am
Re: Good resource for learning how to debug & reverse engine
Evilcry wrote: Without any intent of spam or self proclamation, I've done a good amount of Malware Analysis papers that you can reach here:
Hey Evilcry!
Did you ever receive a mail I sent you?
-
- Posts: 21
- Joined: Fri Aug 05, 2011 9:12 pm
Re: Good resource for learning how to debug & reverse engine
Giuseppe, your name certainly rings a bell, but where did your blog go meanwhile? You retired your old one, but the new one seems to be inaccessible (or gone) as well. Any ideas anyone ...? 

Re: Good resource for learning how to debug & reverse engine
ARTeam does have nice tuts
check it out: http://www.accessroot.com/arteam/site/news.php
another awesome tuts: http://portal.b-at-s.net/download.php
Re: Good resource for learning how to debug & reverse engine
Step 1: Learn C/C++/Delphi etc. You can't reverse engineer if you can't forward engineer.
Step 2: Learn x86 assembly - http://opensecuritytraining.info/IntroX86.html (includes videos)
Step 3: Learn x86 architecture - http://opensecuritytraining.info/IntermediateX86.html (includes videos)
Step 4: Learn PE binary format - http://opensecuritytraining.info/LifeOfBinaries.html (includes videos)
Step 5: Learn about IDA & general RE thought process - http://opensecuritytraining.info/Introd ... ering.html (video pending)
Step 6: Learn about some stealth malware techniques - http://opensecuritytraining.info/Rootkits.html (includes videos)
Step 7: Learn more by encouraging other people to submit their own class material - http://opensecuritytraining.info/Why.html
Xeno