Debugging advice

Topic created on: November 23, 2010 09:03 CST by scd .

Hi,
I usually work with IDA as a disassembler and Immunity for debugging.
I get tired of anti-debug tricks, and having so many ring 0 debuggers, even with stubs for IDA, I thought it could save me some time.

So having malware research in mind, which debugging tool/environment would you recommend me?

R4ndom, May 7, 2012 01:47 CDT
IDA is great. OllyDbg is good for dynamic research. Use PEiD and a good hex editor. Then start studying. It is a lot of learning and takes a lot of time. Keep it up.

NirIzr, May 7, 2012 12:01 CDT
For starters you could use some Olly anti-anti-debugging plugins to bypass most known tricks. That might solve a few of your problems.

Other than that, as the above comment said, I use (for malware reversing) mostly IDA and OllyDbg. v2 has some good anti-anti-debugging enhancements but not a lot of plugins yet, so I keep both nearby.
Obviously a kernel debugger is also handy :)

If your task is to reverse engineer malware, that's the way to go.

But if you want to avoid anti-debugging tricks you could use a bunch of monitoring tools (like those available from SysInternals, Wireshark, etc.).
These will be a lot less informative, and you could also see only what actually goes on at the moment and won't have any idea what could but doesn't happen for some reason (like waiting for a trigger, as most malware does).
But this approach (which, if you ask me, is useless for any real reversing) is a lot less invasive, easier to use and requires less skill and understanding (but don't forget to get to the real stuff as well, to make sure you don't miss anything important).

I can't think of another approach that answers your description.
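Before picking between a debugger with anti-anti-debugging plugins and the passive monitoring approach described in the replies above, it helps to know which debugger-detection checks a sample is likely to make. The script below is an added example, not code from the thread or from any of the tools it mentions: it scans a raw binary for NUL-terminated API names that are commonly referenced by debugger-detection code (in both ASCII import-table form and UTF-16LE, which some samples use when resolving names at run time) and maps each hit to the trick it usually implies. The API-to-technique table and the strong/weak ratings are this example's own triage assumptions, and the sample bytes are constructed. The caveat a practitioner should keep in mind is built in: a packed sample hides its import names, so an empty result is not evidence of absence, which is exactly why the replies still recommend a real debugger for the actual work.

```python
"""Triage scan: which debugger-detection APIs does a binary reference?

Added example. Run it before choosing debugger tooling: the output says which
anti-debugging tricks to expect, so you know which anti-anti-debugging plugin
features (or which passive monitoring approach) will matter for this sample.
"""
import re
from typing import Dict, List, NamedTuple


class Indicator(NamedTuple):
    technique: str  # debugger-detection trick the API is typically used for
    strength: str   # "strong": rare in benign code; "weak": common in benign code too


# Hypothetical triage table assumed for this example: well-known Win32/NT APIs
# that debugger-detection code tends to call, and the trick each one implies.
ANTI_DEBUG_APIS: Dict[str, Indicator] = {
    "IsDebuggerPresent": Indicator("PEB BeingDebugged flag check", "strong"),
    "CheckRemoteDebuggerPresent": Indicator("debug port check via the kernel", "strong"),
    "NtQueryInformationProcess": Indicator("ProcessDebugPort/ProcessDebugFlags query", "strong"),
    "NtSetInformationThread": Indicator("ThreadHideFromDebugger", "strong"),
    "NtQuerySystemInformation": Indicator("kernel debugger presence query", "weak"),
    "OutputDebugStringA": Indicator("OutputDebugString last-error trick", "weak"),
    "OutputDebugStringW": Indicator("OutputDebugString last-error trick", "weak"),
    "FindWindowA": Indicator("lookup of debugger window classes", "weak"),
    "FindWindowW": Indicator("lookup of debugger window classes", "weak"),
    "GetTickCount": Indicator("timing check around traced code", "weak"),
    "QueryPerformanceCounter": Indicator("timing check around traced code", "weak"),
}


def scan_for_anti_debug(data: bytes) -> Dict[str, dict]:
    """Return {api_name: {technique, strength, encodings}} for every known name found.

    ASCII matches require an identifier boundary on both sides so that a longer
    name such as "IsDebuggerPresentEx" is not mistaken for "IsDebuggerPresent".
    UTF-16LE matches are a plain substring search (NUL-interleaved bytes make
    accidental matches very unlikely).
    """
    hits: Dict[str, dict] = {}
    for name, ind in ANTI_DEBUG_APIS.items():
        encodings: List[str] = []
        ascii_pat = (rb"(?<![A-Za-z0-9_])" + re.escape(name.encode("ascii"))
                     + rb"(?![A-Za-z0-9_])")
        if re.search(ascii_pat, data):
            encodings.append("ascii")
        if name.encode("utf-16-le") in data:
            encodings.append("utf-16le")
        if encodings:
            hits[name] = {"technique": ind.technique,
                          "strength": ind.strength,
                          "encodings": encodings}
    return hits


def triage_summary(hits: Dict[str, dict]) -> str:
    """One-line verdict. Note: a packed sample references nothing by name,
    so an empty result means "unknown until unpacked", not "no anti-debugging"."""
    strong = sorted(n for n, h in hits.items() if h["strength"] == "strong")
    if strong:
        return "likely anti-debugging: expect checks to handle ({})".format(", ".join(strong))
    if hits:
        return "weak indicators only; confirm dynamically"
    return "no known debugger-detection APIs referenced"


# Constructed sample: an ASCII import-name-table fragment plus one API name
# stored as UTF-16LE, the way a run-time resolver might keep it.
SAMPLE = (
    b"\x00KERNEL32.dll\x00CreateFileA\x00IsDebuggerPresent\x00GetTickCount\x00"
    b"ntdll.dll\x00"
    + "NtQueryInformationProcess".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    found = scan_for_anti_debug(SAMPLE)
    for api, info in sorted(found.items()):
        print(f"{api:28s} {info['strength']:6s} {info['technique']}  [{', '.join(info['encodings'])}]")
    print(triage_summary(found))
```

On a real file, replace `SAMPLE` with `open(path, "rb").read()`; the scan is deliberately format-agnostic so it also works on memory dumps taken after a packer has run, which is where the names reappear.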
