A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #5897  by utsav.0202
 Mon Apr 11, 2011 2:15 pm
Hi
I have just got familiar with the terms malware and rootkits. I have been reading different forums related to them for the last month, and many times I came across the term "reverse engineering". I understand what it means.
Now I want to analyze a rootkit, so I must know 'reverse engineering'.
What does it mean in this context?
What do I need to learn?
Where do I start?
 #5898  by r2nwcnydc
 Mon Apr 11, 2011 3:29 pm
You'll need to learn to read assembly language. Since you're interested in rootkits I would recommend x86/amd64 assembly.
Once you can read assembly, download IDA Pro and play around with it. Try reversing a small program; try calc.exe or something similar.
After that, pick up some books on Malware and reverse engineering. These will give you tips on how to reverse more complicated programs.

"Reversing: Secrets of Reverse Engineering" is a good book that will help you get started.
 #5908  by newgre
 Tue Apr 12, 2011 4:45 pm
I tend to disagree that the first best thing in order to master reverse engineering is to learn assembly language. What's more important is to learn how to develop non-trivial programs, because that's what you need to understand when you are reversing anything mildly complex: understand program structure, reason about encapsulation of functionality, get a grasp of the overall program layout and why it makes sense to do so. Understanding the bare assembly instructions is only the next step - you won't be a good reverse engineer without having a very good understanding of programming concepts (plus experience in the high level language you are reversing). Hope this makes sense to you ;-)
 #5911  by r2nwcnydc
 Tue Apr 12, 2011 8:56 pm
I agree that knowing how to program / understanding program structure is helpful. But I've known very good reverse engineers who are piss poor programmers and vice versa, so I'd have to disagree with that being the place to start.
 #6003  by 1984
 Thu Apr 21, 2011 9:21 am
I think one of the best ways to learn is to write some simple programs of your own, compile them and then open them up in IDA to see what they look like.

It might also be worthwhile trying to crack some of the simple programs at http://crackmes.de/

I also thought the following article was handy for learning x64/amd64 reversing:

http://www.uninformed.org/?v=4&a=1&t=sumry