[ale] Malware / Vulnerability Analysis (Coding/IDA Pro/ Things like that)

Michael Trausch mike at trausch.us
Mon Sep 20 01:35:52 EDT 2010


On Sat, Sep 18, 2010 at 6:36 PM, Justin Simms <justin.simms at gmail.com> wrote:
> I am trying to get some knowledge in this area and would like to know
> if anyone would be willing to teach me what they know. I have always
> been fascinated by computer security but have not been fortunate
> enough to get a job in the field or know anyone at a low enough level
> who codes on a day to day basis at this level. Thanks!

There is an excellent book called "Reversing: Secrets of Reverse
Engineering" that would be a good starting point for you.  The book
does assume that you are a moderately skilled programmer, and is a
good first stop for learning about the reverse engineering of binary
code and file formats, and even takes a look at reverse engineering
code for virtual CPUs such as those employed by the JVM and the CLR.

You can, however, practice on your own.  Pick an environment; for
simplicity's sake, start with the environment that you know the
best---if that's Windows, or Linux, it doesn't really matter.  The key
is to know how the system works from the point of view of an
application program.  Then, start building tiny little programs,
perhaps working your way up from something as simple as "Hello,
World", and look at their disassembly.

If you expect that you're going to be doing a large amount of such
work, be sure to have one or the other of a dot-matrix printer or a
second (or even third!) monitor on your desk.  Dot-matrix printers,
while they are a bit expensive these days, can print very
inexpensively (and often you can use WD-40 to "re-ink" a ribbon two or
three times before you have to put another new ribbon in), and the
form-feed paper makes it very useful for large listings.  I am rather
fond of doing things that way.  Call me stubborn, but I like to use a
pencil or pen on paper to read through source code or disassembly
dumps to work things out.  I don't use my primary workstation for such
a thing, either.  I will take the print-out and lay down on my stomach
on the floor, go through the listing line-by-line, and if needed I
will consult reference material from the Internet on my laptop, or
from a book if I have it.

If you are going to do a lot of this type of work, it will be worth
your while to read the books from AMD or Intel on how the CPUs work,
and to have their references handy.  I used to have a set of Intel
books handy, and I would re-order them periodically, though I haven't
done so in years.  They used to offer them for free, but according to
Intel's Web site, they are no longer available for order in hard copy
format (personally, I think that's a shame.  I loved having my IA-32
manuals in hard copy, though in one of my moves several years ago I
sadly lost the reference volumes).  Both Intel and AMD have them
online, see http://www.intel.com/products/processor/manuals/ and
http://developer.amd.com/documentation/guides/Pages/default.aspx
respectively.  For the AMD page, look at the Manuals section for the 6
volumes of the AMD64 Architecture Programmer's Manual.

   --- Mike

