Techniques
Not all those who wander are lost, but how did you end up here?
This page is a work in progress
On this page I will describe some approaches for making sense of a program you are reverse engineering. The idea is to give you things to try when you get stuck.
Basic techniques
- Top-down analysis - start from the entry point and follow the calls downward
- Bottom-up analysis (strings) - start from interesting strings and follow their cross-references up to the code that uses them
- Bottom-up analysis (imports) - start from imported functions and follow their cross-references up to the callers
- Bottom-up analysis (random walk) - pick a function at random and work outward, when you're feeling lucky
…
Intermediate techniques
- Passive API monitoring
- Manual unpacking with a debugger
- Code coverage tracking
- Differential code coverage
notes
DynamoRIO-Windows-11.0.0.zip
dynamoriodir\bin32\drrun.exe -t drcov -- malware.exe
The `--` (two hyphens, not a dash) separates the drrun/tool options from the target program and its arguments. Use bin32\drrun.exe for a 32-bit sample and bin64\drrun.exe for a 64-bit one. drcov writes a drcov.*.log file per run; for differential coverage, collect one log per input (e.g. a triggering input and a benign one) and compare the basic blocks hit.
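As an added example (not DynamoRIO's own tooling and not code from this page), here is a Python script that parses two drcov logs and reports the basic blocks executed in one run but not the other, which is the core of differential code coverage. It assumes the drcov v2 log layout: a text header with the module table, then a binary table of `<uint32 start offset, uint16 size, uint16 module id>` entries. Both sample logs, the module paths and the offsets are constructed in memory to mimic that layout; `malware.exe` and `kernel32.dll` here are hypothetical.

```python
"""Differential code coverage from two drcov logs (added example).

drcov writes a text header (version, flavor, module table) followed by a
binary basic-block table whose entries are <uint32 start, uint16 size,
uint16 module id>.  Start is an offset from the module base, so two runs of
the same binary compare directly even when ASLR relocates the modules.
"""
import struct
from collections import namedtuple

BB_ENTRY = struct.Struct("<IHH")  # start offset, size, module id
Module = namedtuple("Module", "id base end path")


def parse_drcov(data: bytes):
    """Return ({module id: Module}, {(module path, offset, size), ...}).

    Blocks are keyed by module path rather than id: ids depend on load
    order and need not match between two runs.
    """
    table_at = data.index(b"BB Table:")
    eol = data.index(b"\n", table_at)
    columns, modules = [], {}
    for line in data[:table_at].decode("utf-8", "replace").splitlines():
        if line.startswith("Columns:"):
            # The column set differs per platform (Windows adds checksum and
            # timestamp), so take the names from the log instead of hard-coding.
            columns = [c.strip() for c in line[len("Columns:"):].split(",")]
        elif columns and line.strip():
            # Path is the last column and may itself contain commas.
            fields = [f.strip() for f in line.split(",", len(columns) - 1)]
            row = dict(zip(columns, fields))
            mid = int(row["id"])
            modules[mid] = Module(mid, int(row["base"], 16), int(row["end"], 16), row["path"])
    count = int(data[table_at:eol].split()[2])  # "BB Table: <n> bbs"
    body = data[eol + 1 : eol + 1 + count * BB_ENTRY.size]
    if len(body) != count * BB_ENTRY.size:
        raise ValueError("truncated BB table")
    blocks = {(modules[mid].path, start, size)
              for start, size, mid in BB_ENTRY.iter_unpack(body)}
    return modules, blocks


def diff_coverage(log_a: bytes, log_b: bytes):
    """Blocks executed in run A but not in run B, as {module path: [(offset, size)]}."""
    _, bbs_a = parse_drcov(log_a)
    _, bbs_b = parse_drcov(log_b)
    unique = {}
    for path, start, size in bbs_a - bbs_b:
        unique.setdefault(path, []).append((start, size))
    return {path: sorted(entries) for path, entries in unique.items()}


def make_drcov_log(modules, blocks):
    """Constructed test data: build a log in drcov's v2 layout in memory."""
    lines = ["DRCOV VERSION: 2", "DRCOV FLAVOR: drcov",
             f"Module Table: version 2, count {len(modules)}",
             "Columns: id, base, end, entry, checksum, timestamp, path"]
    for mid, (base, end, path) in enumerate(modules):
        lines.append(f"{mid:3d}, {base:#018x}, {end:#018x}, {base:#018x}, "
                     f"0x00000000, 0x00000000, {path}")
    lines.append(f"BB Table: {len(blocks)} bbs")
    header = ("\n".join(lines) + "\n").encode()
    return header + b"".join(BB_ENTRY.pack(start, size, mid) for mid, start, size in blocks)


# Hypothetical sample data: the same two modules, loaded in a different order
# in each run.  The "triggered" run was fed the input that reaches the
# suspicious code path; the "baseline" run exits early.
SAMPLE = (0x400000, 0x410000, r"C:\samples\malware.exe")
KERNEL32 = (0x7ff8_0000_0000, 0x7ff8_0010_0000, r"C:\Windows\System32\kernel32.dll")
LOG_TRIGGERED = make_drcov_log(
    [SAMPLE, KERNEL32],
    [(0, 0x1000, 0x20), (0, 0x1020, 0x15), (0, 0x1200, 0x40), (0, 0x1240, 0x10), (1, 0x5000, 0x30)])
LOG_BASELINE = make_drcov_log(
    [KERNEL32, SAMPLE],
    [(1, 0x1000, 0x20), (1, 0x1020, 0x15), (0, 0x5000, 0x30)])

if __name__ == "__main__":
    for path, entries in diff_coverage(LOG_TRIGGERED, LOG_BASELINE).items():
        for start, size in entries:
            print(f"{path}+{start:#x}  ({size:#x} bytes)  only in triggered run")
```

With real logs, read each `drcov.*.log` as bytes and pass the pair to `diff_coverage`; the result is a list of `module+offset` locations you can jump to in your disassembler (rebase the module if the disassembler uses a different image base). Keying on module path rather than module id matters because drcov assigns ids in load order, which can differ between runs. If you prefer a GUI, the Lighthouse plugin loads drcov logs directly into IDA and Binary Ninja.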