Рет қаралды 114,289
Open Analysis Live! A few tips and tricks to help you analyze malware with IDA Pro.
-----
OALABS DISCORD
/ discord
OALABS PATREON
/ oalabs
OALABS TIP JAR
ko-fi.com/oalabs
OALABS GITHUB
github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING
www.unpac.me/#/
-----
Automated Malware Unpacking
www.unpac.me/
PE Mapped Virtual Address vs. Offset In Binary File: 02:55
IDA Pro Layout Tips: 05:10
Dynamically Resolving APIs: 08:10
IDA Pro Remote Debugger Setup and Use: 09:06
Walking Call Chain From Hooked API Back To Malware: 22:59
Using Memory Snapshots To Unpack Malware (Quick Unpacking): 40:07
Win32 API Calls and The Stack (How To Change Arguments On The Fly): 46:28
IDA Pro Remote Debugger (Debugging a DLL): 01:16:32
PE basics including how a PE is mapped in memory:
www.delphibasics.info/home/del...
www.delphibasics.info/home/del...
Link to the most excellent IDA Pro book:
www.nostarch.com/idapro2.htm
Microsoft calling conventions:
msdn.microsoft.com/en-us/libr...
RegTestUPX1.exe (benign demo application, safe to run):
www.virustotal.com/en/file/31...
final_unmapped.dll (DLL demo **WARNING REAL MALWARE ONLY RUN IN A VM)
www.virustotal.com/en/file/27...
We are always looking for feedback, what did you like, what do you want to see more of, what do you want to see us analyze next? Let us know on twitter:
/ herrcore
/ seanmw
As always check out our tools, tutorials, and more content over at www.openanalysis.net
#IDAPro #ReverseEngineering #MalwareAnalysis