📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
 Forums >>  Debuggers  >>  Debugging advice

Topic created on: November 23, 2010 09:03 CST by scd.

Hi,
I usually work with IDA as a disassembler and Immunity for debugging.
I get tired of anti-deb tricks, and having so many ring 0 debuggers, even with stubs for IDA, I thought it could save me some time.

So, having malware research in mind, which debugging tool/environment would you recommend to me?

R4ndom (May 7, 2012 01:47.11 CDT)
IDA is great. OllyDbg is good for dynamic research. Use PEiD and a good hex editor. Then start studying. It is a lot of learning and takes a lot of time. Keep it up.

NirIzr (May 7, 2012 12:01.06 CDT)
For starters, you could use some Olly anti-anti-debugging plugins to bypass most known tricks. That might solve a few of your problems.

Other than that, as the above comment said, I use (for malware reversing) mostly IDA and OllyDbg. v2 has some good anti-anti-debugging enhancements but not a lot of plugins yet, so I keep both nearby.
Obviously a kernel debugger is also handy :)

If your task is to reverse engineer malware, that's the way to go.

But if you want to avoid anti-debugging tricks, you could use a bunch of monitoring tools (like those available from Sysinternals, Wireshark, etc.).
These will be a lot less informative, and you could also see only what actually goes on at the moment and won't have any idea what could but doesn't happen for some reason (like waiting for a trigger, as most malware does).
But this approach (which, if you ask me, is useless for any real reversing) is a lot less invasive, easier to use and requires fewer skills and less understanding (but don't forget to get to the real stuff as well, to make sure you don't miss anything important).

I can't think of another approach that answers your description.