Binary Analysis
Re: Analysis setups and environments Jan 14 2006 12:44PM
keydet89 yahoo com
My setup for binary analysis is probably a little (okay...a lot) different from most folks.

On the static analysis side, I'm using a hex editor (UltraEdit) and Perl. Since this isn't specifically "malware" or "executable" binary analysis, a hex editor is my viewer of choice. I'm creating Perl modules to handle the basic collection and processing of information about the binary for me. I use the hex editor to verify what I'm seeing, and I have some other tools, as well...pedump.exe, depends.exe and PEView.exe for PE files, that sort of thing. Some malware, for example, is obfuscated in a way that crashes these other tools, so I use my Perl scripts to walk through the various parts of the PE header, for example, so that I can find where the exception is.

On the dynamic side, for malware analysis, I have a range of tools. Regmon and Filemon are favorites, as are InControl5, pmdump.exe, Ethereal, and of course, VMware.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

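The post's point about walking the PE header piece by piece to find where a malformed sample trips up a viewer, as an added example that is not code from the post or its author, written in Python rather than the Perl the post mentions: walk_pe() bounds-checks each header stage before reading it and reports the first stage that cannot be parsed, while build_sample() and patch() are constructed helpers (not real binaries) that produce a minimal PE32 image and corrupt one field of it.

```python
import struct

def walk_pe(data):
    """Walk the PE header stage by stage; return (stages_passed, failure_or_None)."""
    passed, size = [], len(data)
    def need(off, n, stage):  # name the stage instead of dying with a bare struct.error
        if off < 0 or off + n > size:
            raise ValueError(f"{stage}: need {n} bytes at 0x{off:x}, file is 0x{size:x}")
    try:
        need(0, 0x40, "DOS header")
        if data[:2] != b"MZ":
            raise ValueError("DOS header: bad MZ magic")
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        passed.append("DOS header")
        need(e_lfanew, 4, "PE signature")
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("PE signature: bad magic")
        passed.append("PE signature")
        coff = e_lfanew + 4
        need(coff, 20, "COFF header")
        _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
        passed.append("COFF header")
        opt = coff + 20
        need(opt, max(opt_size, 2), "optional header")
        if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
            raise ValueError("optional header: unknown magic")
        passed.append("optional header")
        sect = opt + opt_size
        need(sect, 40 * nsect, "section table")
        for i in range(nsect):  # entry: Name(8) VirtSize VirtAddr RawSize RawPtr ...
            _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect + 40 * i)
            if raw_ptr + raw_size > size:
                raise ValueError(f"section {i}: raw data runs past EOF")
        passed.append("section table")
    except ValueError as e:
        return passed, str(e)
    return passed, None

def build_sample():
    # Constructed minimal PE32 image (not a real binary): one .text section, raw data at 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")
    sect = (b".text\0\0\0" + struct.pack("<IIII", 0x10, 0x1000, 0x10, 0x200)).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x210, b"\0")

def patch(data, off, fmt, value):
    # Overwrite one header field, mimicking the corruption that crashes other viewers
    return data[:off] + struct.pack(fmt, value) + data[off + struct.calcsize(fmt):]
```

Pointing e_lfanew past the end of the file (patch(good, 0x3C, "<I", 0xFFFF0000)) or setting NumberOfSections to 0xFFFF (patch(good, 0x46, "<H", 0xFFFF)) makes walk_pe() stop at the PE signature or the section table respectively, naming the stage and the offending offset.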
Copyright 2010, SecurityFocus