Scratchpad


This is a project to mentor people on reverse engineering of software. We will focus on Windows malware.

This is for people who have no reverse engineering skills.

Mentoring doesn't mean that we will be making a tutorial. We will point you in the right direction, but you will have to study topics we mention on your own. For example, you need to be able to read assembly language. We will point you to assembly language tutorials and mention particular points you should study. You can add your own insights and links to this Wiki.

And you can ask questions, of course. Although it is not required, please create an account to edit this Wiki; this makes it easier for us to know who posts questions.

There is a Wikibook on Reverse Engineering [1]

I will start the mentoring by pointing you to free tools and by creating some exercises.

My name is Didier Stevens. I have a Gmail address and a blog at https://DidierStevens.com.


Unpacking and Decrypting with IDA

  • Does anyone have any good pointers or references to unpacking and decrypting malware, especially with IDA? (PDF reference here)
    • There's static and dynamic unpacking. The rest should be easy to search (searching is part of RCE). Maybe the Titan-Framework (has C++ code that applies generic unpacking methods) is helpful. IDA is not a general all-in-one-wonder tool.