Reverse Engineering C++ Malware With IDA Pro



This tutorial covers the basics needed to get started with reverse engineering C++ malware. We cover classes, constructors, structs, and a few tricks to help speed up your analysis with IDA. We have a short blog post here:

Automated Malware Unpacking

The compiled example we analyzed is available on malshare here:

You can download the freeware version of IDA here (sorry no decompiler):

If you want to try Ghidra there is an excellent online tutorial website you can check out here:

Ghidra download:

Feedback, questions, and suggestions are always welcome : )

Sergei
Sean

As always check out our tools, tutorials, and more content over at

#ReverseEngineering #cpp #structs #IDAPro

Source: https://infernalaffairsguild.com/

See more articles: https://infernalaffairsguild.com/cong-nghe/


Article Categories:
Technology

Comments

  • thank you for the knowledge!!! maybe a bit of zoom on the text would be nice… great tut

    ala_borbe June 27, 2020 4:52 am
  • very interesting explanation but needs falcon eyes because your diagrams are too small. please next time make them bigger or full screen. There is a lot of empty space not used.

    Silicon Robot June 27, 2020 4:52 am
  • Wanted to ask a Master Programmer, what do you consider a good programming language to learn? C++ is where all the libraries are, they say; Python is the new popular kid on the block, but there are so many. Because of its practicality and ease of learning I really like Delphi, and did a few programs long ago in Pascal. I'm 47 so I don't learn as fast as I used to. C++ is Assembler level, and I'd like to be hardware aware and assembly efficient when compiling, so I guess my best bet is C++. The Intermediate Language (IL) oriented languages like C# and Java I think are a mistake, maybe necessary to learn from our mistake, but mediocre for life; they take up huge resources just to deploy the Virtual Machine and the native Assembly they rely on. I have checked .NET on Windows, it's just humongous. Once I uninstalled it completely from Win 8.1 64-bit, even the one that comes with Win 8.1, and many apps wouldn't work; I reinstalled all of them and now Win 8.1 is wonky, some functions just never came back, some apps never worked OK again, I need to reinstall Win 8.1. So I hate the ILs with a passion, and I will stay away from them for the rest of my natural life if I can help it. I made an Internet search and some people painstakingly go through many languages before settling down, true horror stories I don't wanna go through, so I come to you for wisdom and guidance if you please.

    saultube44 June 27, 2020 4:52 am
  • The outtro music: I like it, can you tell me please the artist and title?

    saultube44 June 27, 2020 4:52 am
  • Another amazing episode 🙂 thanks for ghidra-sre.org, but it is based on the Java VM Runtime, so no thanks. For me it is an unnecessarily bad idea to make an RE tool set based on an IL, creating an unnecessary abstraction layer which will make access to the assembly level more difficult and slower, since you'll need to use an IL Assembly Translator twice: once for Ghidra and another to debug the target.exe. IMO ILs are a bad idea in general, even internally in a compiler; if I were to do a compiler I'd go directly to creating structures and linking, probably in stages, to create the executable file.

    saultube44 June 27, 2020 4:52 am
  • zoom out sir

    uma devi June 27, 2020 4:52 am
  • How much is IDA Pro for decompiling?

    طاخا سا June 27, 2020 4:52 am
  • G-g-g-g-g great explanation of the theory behind RE.

    ⵉⵜⵔⵓⵏⴰⵓⵜ June 27, 2020 4:52 am
  • 20:40 I was only looking at the screen in the corner of my eye and this genuinely jumpscared me

    Dugongue June 27, 2020 4:52 am
  • What about C? Why is most malware built with C++? Is it because it's easier to program in that language?

    Tokagawa89 June 27, 2020 4:52 am
  • You clearly know that it defined the area of a rectangle since you created the class. I'd be curious to know how you can take an executable you are unfamiliar with, it doesn't have to be complicated, and be able to name portions of the struct. Also, would you do a webinar where we could ask you questions in real time? I'd be interested in other people's questions / answers as well as asking my own.

    DmytriE June 27, 2020 4:52 am
  • Even though I'm not that good with debugging or reverse engineering, this is a good video to watch. Thanks for uploading.

    AholicKnight June 27, 2020 4:52 am
  • This was awesome. Would love a lot more, honestly. As someone who is very familiar with C++ as well as disassembling but NOT super familiar with Ida, it can be difficult to find a lot of good visual tutorials on working with it.

    Any other Ida shortcuts you know would be very appreciated. Thanks again, man!

    Jason Wick June 27, 2020 4:52 am
  • Great video. Could you increase the font size a bit so it's a little more readable?

    Mir5 June 27, 2020 4:52 am
  • As always, very good content and concise explanations. Keep up the good work!

    Nabti Julien June 27, 2020 4:52 am
  • Pls zoom IDA more next time thx.. hard to see sometimes..

    Klemza K June 27, 2020 4:52 am
  • i love it.. keep going..

    Klemza K June 27, 2020 4:52 am
  • please teach us more!

    Silent Knight June 27, 2020 4:52 am
  • Great video. I am looking forward to the other videos in this series. Thanks!

    Gergely Révay June 27, 2020 4:52 am
  • A fun way to spend an all-nighter… 🙂

    blackneos940 June 27, 2020 4:52 am
  • Love the memes. Great content!

    S O U F I A N E June 27, 2020 4:52 am