Disassembly Using IDA

HoseinYavari 84 views 11 slides Mar 23, 2022

About This Presentation

IDA tool for malware analysis


Slide Content

Disassembly Using IDA
Hossein Yavari
March 2022
1

What is a disassembler?
–A program that translates machine code back into assembly code.
–It allows you to perform static code analysis.
–Static code analysis: a technique for interpreting the code to understand the program's behavior without executing the binary.
2

What is a debugger?
–A debugger is a program which also disassembles the code; apart from that,
–It allows you to execute the compiled binary in a controlled manner.
–It allows you to execute either a single instruction or selected functions, instead of executing the entire program.
–A debugger allows you to perform dynamic code analysis, and helps you examine the behavior of the suspect binary while it is running.
3

What is a decompiler?
–A program that translates the machine code into code in a high-level language (pseudocode).
–Decompilers can greatly assist you with the reverse engineering process and can simplify your work.
4
Source: Canzanese, Raymond & Oyer, M & Mancoridis, Spiros & Kam, Moshe. (2005). A survey of reverse engineering tools for the 32-bit Microsoft Windows environment.
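The two definitions above (disassembler on slide 2, decompiler on slide 4) can be made concrete with a toy of each. The following is an added example, not code from the slides or from IDA: a linear-sweep disassembler for a hand-picked subset of x86-64 opcodes, and a lifter that turns the resulting straight-line assembly into C-like pseudocode. The sample bytes, the base address 0x401000 and the function name `f` are constructed for illustration.

```python
"""Minimal x86-64 disassembler and straight-line lifter (added example).

Assumptions (not from the slides): only a small subset of x86-64 opcodes is
decoded, and the input is a single constructed function. Real tools such as
IDA handle the full ISA and use recursive descent rather than a linear sweep.
"""
import struct

# Constructed sample: the bytes a compiler might emit for
#   int f(void) { return 42; }
# with a frame pointer and a redundant zeroing of eax.
SAMPLE_BYTES = bytes.fromhex(
    "55"            # push rbp
    "4889e5"        # mov rbp, rsp
    "31c0"          # xor eax, eax
    "b82a000000"    # mov eax, 0x2a
    "5d"            # pop rbp
    "c3"            # ret
)
BASE_ADDR = 0x401000  # assumed load address of the sample


def decode_one(code, pos, addr):
    """Decode the instruction at code[pos:], which is loaded at `addr`.

    Returns (length_in_bytes, assembly_text); raises ValueError on an
    opcode outside the supported subset.
    """
    b = code[pos]
    if b == 0x55:
        return 1, "push rbp"
    if b == 0x5D:
        return 1, "pop rbp"
    if b == 0xC3:
        return 1, "ret"
    if b == 0x90:
        return 1, "nop"
    if b == 0xCC:
        return 1, "int3"
    if code[pos:pos + 3] == b"\x48\x89\xe5":      # REX.W 89 /r, modrm e5
        return 3, "mov rbp, rsp"
    if code[pos:pos + 2] == b"\x31\xc0":          # 31 /r, modrm c0
        return 2, "xor eax, eax"
    if b == 0xB8:                                 # B8+rd imm32, rd = eax
        imm = struct.unpack_from("<I", code, pos + 1)[0]
        return 5, f"mov eax, 0x{imm:x}"
    if b == 0xE8:                                 # call rel32, target is
        rel = struct.unpack_from("<i", code, pos + 1)[0]   # relative to
        return 5, f"call 0x{addr + 5 + rel:x}"             # next instruction
    if b == 0xEB:                                 # jmp rel8
        rel = struct.unpack_from("<b", code, pos + 1)[0]
        return 2, f"jmp 0x{addr + 2 + rel:x}"
    raise ValueError(f"unknown opcode 0x{b:02x} at 0x{addr:x}")


def disassemble(code, base=BASE_ADDR):
    """Linear sweep: decode consecutive instructions from the start of
    `code` and return (address, hex bytes, assembly text) tuples."""
    out, pos = [], 0
    while pos < len(code):
        length, text = decode_one(code, pos, base + pos)
        out.append((base + pos, code[pos:pos + length].hex(), text))
        pos += length
    return out


def decompile(code, name="f"):
    """Lift straight-line code to C-like pseudocode.

    Frame setup/teardown and nops are dropped, register writes become
    assignments, a call becomes an assignment of its return value, and
    `ret` returns eax (the integer return register in the SysV ABI).
    """
    body = []
    for _, _, text in disassemble(code):
        if text in ("push rbp", "mov rbp, rsp", "pop rbp", "nop"):
            continue
        if text == "xor eax, eax":
            body.append("    eax = 0;")
        elif text.startswith("mov eax, "):
            body.append(f"    eax = {text[9:]};")
        elif text.startswith("call "):
            body.append(f"    eax = {text[5:]}();")
        elif text == "ret":
            body.append("    return eax;")
            break
        else:
            body.append(f"    /* unhandled: {text} */")
    return [f"int {name}(void) {{", *body, "}"]


if __name__ == "__main__":
    for addr, raw, text in disassemble(SAMPLE_BYTES):
        print(f"{addr:08x}  {raw:<12} {text}")
    print("\n".join(decompile(SAMPLE_BYTES)))
```

The pseudocode still contains the dead store `eax = 0;` before `eax = 0x2a;`; a real decompiler runs dataflow passes that remove it, which is one reason decompiler output is easier to read than the raw listing. A linear sweep also mis-decodes data embedded in the code section, which is why IDA follows control flow (recursive descent) instead.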

IDA Pro tool
–Interactive Disassembler (IDA)
–A powerful disassembler and a versatile debugger.
–It is used for reverse engineering.
–https://hex-rays.com/ida-pro/
5

IDA Pro tool (Cont.)
–IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation.
6

IDA Versions
7

IDA Pro
8

IDA alternative
–x64dbg
–An open-source x64/x32 debugger for Windows.
–https://x64dbg.com/
9

Thank You
10

11
References
https://www.packtpub.com/product/learning-malware-analysis/9781788392501