This tutorial covers the basics needed to get started with reverse engineering C++ malware. We cover classes, constructors, structs, and a few tricks to help speed up your analysis with IDA. We have a short blog post here:
Automated Malware Unpacking
The compiled example we analyzed is available on malshare here:
You can download the freeware version of IDA here (sorry no decompiler):
If you want to try Ghidra there is an excellent online tutorial website you can check out here:
Ghidra download:
Feedback, questions, and suggestions are always welcome : )
Sergei
Sean
As always, check out our tools, tutorials, and more content over at
#ReverseEngineering #cpp #structs #IDAPro
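As an added illustration of the kind of object the tutorial takes apart (a rectangle class with a constructor, as mentioned in the comments below), the following is example code written for this page, not the compiled sample from the video or the authors' own code. It builds a small class with a virtual method, then reads the object's raw memory back at the offsets an analyst would expect to see in IDA: the vtable pointer at `[this+0]` and the members at fixed offsets after it. The helper names (`read_layout`, `same_vtable`, `area_via_base`) and the assumption that the compiler places the vtable pointer at offset 0 (true for MSVC, GCC and Clang for a class with no non-virtual bases) are this example's, not the page's.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// A class of the shape the tutorial reverse engineers: a constructor that
// initialises members, plus virtual methods so the compiler emits a vtable.
// In the disassembly the constructor receives `this` in a register
// (ECX for MSVC x86 thiscall, RCX on Windows x64), stores the vtable address
// at [this+0], then writes each member at a constant offset.
class Rectangle {
public:
    Rectangle(int w, int h) : width_(w), height_(h) {}
    virtual ~Rectangle() {}
    virtual int area() const { return width_ * height_; }
    int width_;
    int height_;
};

// A derived class gets its own vtable; a different constant at [this+0]
// is how you tell the two object types apart when they share a base.
class Square : public Rectangle {
public:
    explicit Square(int s) : Rectangle(s, s) {}
    int area() const override { return width_ * width_; }
};

// The field offsets you would write into an IDA struct definition.
// Assumption (example's own): vptr at offset 0, members laid out in
// declaration order immediately after it, with int-sized slots.
struct RawLayout {
    uintptr_t vptr;   // offset 0
    int width;        // offset sizeof(void*)
    int height;       // offset sizeof(void*) + sizeof(int)
};

// Read the object back byte-wise, the way you would from a memory dump,
// so the layout implied by the constructor's stores can be checked.
RawLayout read_layout(const Rectangle& r) {
    RawLayout out{};
    const unsigned char* p = reinterpret_cast<const unsigned char*>(&r);
    std::memcpy(&out.vptr, p, sizeof(out.vptr));
    std::memcpy(&out.width, p + sizeof(void*), sizeof(int));
    std::memcpy(&out.height, p + sizeof(void*) + sizeof(int), sizeof(int));
    return out;
}

// Two objects built by the same constructor share one vtable pointer.
bool same_vtable(const Rectangle& a, const Rectangle& b) {
    return read_layout(a).vptr == read_layout(b).vptr;
}

// A call through a base pointer compiles to an indirect call through the
// vtable (mov reg,[this]; call [reg+N] in IDA); the target depends on which
// constructor ran, not on the static type at the call site.
int area_via_base(const Rectangle* p) { return p->area(); }

std::size_t rectangle_size() { return sizeof(Rectangle); }
```

When you see a function in IDA that takes a pointer, stores a constant address at offset 0 and then writes immediates or arguments at offsets 4/8/12 (or 8/12/16 on x64), you are almost certainly looking at a constructor; the constant is the vtable, and its cross-references lead you to every place that class is instantiated.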
Source: https://infernalaffairsguild.com/
Thank you for the knowledge!!! Maybe a bit of zoom on the text would be nice… great tut.
Very interesting explanation, but it needs falcon eyes because your diagrams are too small. Please make them bigger or full screen next time. There is a lot of empty space not used.
Wanted to ask a Master Programmer: what do you consider a good programming language to learn? C++ is where all the libraries are, they say; Python is the new popular kid on the block because of its practicality and ease of learning, but there are so many. I really like Delphi, and did a few programs long ago in Pascal. I'm 47, so I don't learn as fast as I used to. C++ is Assembler level, and I'd like to be hardware aware and assembly efficient when compiling, so I guess my best bet is C++. The Intermediate Language (IL) oriented languages like C# and Java I think are a mistake, maybe necessary to learn from our mistakes, but mediocre for life: they take up huge resources just to deploy the Virtual Machine and the native Assembly they rely on. I have checked .NET on Windows, it's just humongous. Once I uninstalled it completely from Win 8.1 64-bit, even the one that comes with Win 8.1, and many apps wouldn't work; I reinstalled all of them and now Win 8.1 is wonky, some functions just never came back, some apps never worked OK again, and I need to reinstall Win 8.1. So I hate the ILs with a passion, and I will stay away from them for the rest of my natural life if I can help it. I made an Internet search and some people painstakingly go through many languages before settling down, true horror stories I don't wanna go through, so I come to you for wisdom and guidance if you please.
The outtro music: I like it, can you tell me please the artist and title?
Another amazing episode 🙂 thanks for ghidra-sre.org, but it is based on the Java VM Runtime, so no thanks. For me it is an unnecessarily bad idea to make an RE tool set based on an IL, creating an unnecessary abstraction layer which will make access to the assembly level more difficult and slower, since you'll need to use an IL assembly translator twice: once for Ghidra and another to debug the target.exe. IMO ILs are a bad idea in general, even internally in a compiler; if I were to do a compiler I'd go directly to creating structures and linking, probably in stages, to create the executable file.
zoom out sir
How much is ida pro for decompiling?
G-g-g-g-g great explanation of the theory behind RE.
20:40 I was only looking at the screen in the corner of my eye and this genuinely jumpscared me
What about C? Why are most malware built with C++? Is it because it's easier to program in that language?
You clearly know what defined the area of a rectangle, since you created the class. I'd be curious to know how you can take an executable you are unfamiliar with (it doesn't have to be complicated) and be able to name portions of the struct. Also, would you do a webinar where we could ask you questions in real time? I'd be interested in other people's questions and answers as well as asking my own.
Even though I'm not that good with debugging or reverse engineering, this is a good video to watch. Thanks for uploading.
This was awesome. Would love a lot more, honestly. As someone who is very familiar with C++ as well as disassembling but NOT super familiar with Ida, it can be difficult to find a lot of good visual tutorials on working with it.
Any other Ida shortcuts you know would be very appreciated. Thanks again, man!
Great video. Could you increase the font size a bit so it's a little more readable?
As always, very good content and concise explanations. Keep up the good work !
Pls zoom IDA more next time, thx.. hard to see sometimes..
I love it.. keep going..
please teach us more!
Great video. I am looking forward to the other videos in this series. Thanks!
A fun way to spend an all-nighter… 🙂
Love the memes. Great content!