aljaz/securedorg.github.io

mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-26 18:34:42 +01:00

Files

Amanda Rousseau b040af1d58 adding tool diagrams

2017-03-20 18:04:49 -07:00

2.4 KiB

Raw Blame History

layout, permalink, title

layout	permalink	title
default	/RE101/section3/	RE Tools

Go Back to Reverse Engineering Malware 101

Section 3: Reverse Engineering (RE) Tools

Disassemblers

Ida
- Free (Used in this worksop)
- Pro (Most Popular)
Radare
Capstone

IdaFree

Visual Modes

Graph Mode - control flow diagram
Text Mode - default view of disassembled code

Command Cheatsheet Please refer to this Ida cheatsheet

Common Commands

Action	Command
Jump to xref to operand	X
Jump to address	G
Enter comment	Shift+;

Debuggers

x64dbg (Used in this worksop)
Immunity
OllyDbg (Most Popular)
WinDbg

x64dbg

Common Commands

Action	Command
Enter comment	Shift+;
BreakPoint	F2
Step into	F7
Step over	F8
Run	F9
Edit Instruction	Enter

Keyboard Layout for IdaFree and x64dbg

Decompilers

Snowman (Integrated with x64dbg)
dotPeek .NET decompiler

Information Gathering

CFF Explorer - PE header parser (Used in this worksop)
Sysinternals Suite (Used in this worksop)
- procmon
- procexplorer
InetSim: Internet Services Simulation Suite (Used in this worksop)
Yara: pattern matching rule engine
Wireshark - network sniffing (Used in this worksop)
API Monitor

Support

HxD Hex Editor (Used in this worksop)
Python - used for automating tasks

Section 2.1 <- Back | Next -> Section 4