aljaz/securedorg.github.io

mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2026-01-09 17:24:23 +01:00

Files

Amanda Rousseau 80ade259a4 adding tool diagrams

2017-03-20 18:29:16 -07:00

2.9 KiB

Raw Blame History

layout, permalink, title

layout	permalink	title
default	/RE101/section3/	RE Tools

Go Back to Reverse Engineering Malware 101

Section 3: Reverse Engineering (RE) Tools

Disassemblers

Ida
- Free (Used in this worksop)
- Pro (Most Popular)
Radare
Capstone

Disassembler: IdaFree

Visual Modes
- Graph Mode - control flow diagram
- Text Mode - default view of disassembled code
Command Cheatsheet
- Please refer to this Ida cheatsheet
Common Commands

Action	Command
Jump to xref to operand	X
Jump to address	G
Enter comment	Shift+;

Debuggers

x64dbg (Used in this worksop)
Immunity
OllyDbg (Most Popular)
WinDbg

Debugger: x64dbg

Common Commands

Action	Command
Enter comment	Shift+;
BreakPoint	F2
Step into	F7
Step over	F8
Run	F9
Edit Instruction	Enter

Keyboard Layout for IdaFree and x64dbg

Decompilers

Snowman (Integrated with x64dbg)
dotPeek .NET decompiler

Information Gathering

CFF Explorer - PE header parser (Used in this worksop)
Sysinternals Suite (Used in this worksop)
- procmon
- procexplorer
InetSim: Internet Services Simulation Suite (Used in this worksop)
Yara: pattern matching rule engine
Wireshark - network sniffing (Used in this worksop)
API Monitor

Information Gathering: CFF Explorer

Parses the PE headers
Explores Resources
Unpacks UPX

Information Gathering: Sysinternals Suite

advanced system utilities
Procmon - Monitor processes running on the system

Support

HxD Hex Editor (Used in this worksop)
Python - used for automating tasks

Section 2.1 <- Back | Next -> Section 4