
Reverse Engineering and Malware Analysis Tools

Introduction

Reverse-engineering and malware analysis tools have an important role to play in cybersecurity. For example, app developers and security teams can build these control mechanisms into their coding practices to detect reverse-engineering attempts and to protect against threat analytics, among other things. Finding the most appropriate tool is not always a simple task, but this article might shed some light on the subject.

In the first corner is the undisputed champion — the IDA, and in the other corner are all of its competitors.


IDA

IDA stands for Interactive Disassembler. There are two versions of IDA:

  1. IDA Starter
  2. IDA Professional 

Hex-Rays, the company that develops IDA, also offers an IDA Evaluation Version (a limited version of the disassembler) and the freeware version of IDA v7.0 (free for non-commercial use).

IDA Pro — the primary product — is an excellent tool for malware analysis for many reasons; one of them is its ability to extract large amounts of information from a binary, such as strings, exports, imports, flow graphs and more.
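
To make the "strings" part of that concrete, the following is an added example of the kind of triage a disassembler performs on a binary before any code is even looked at; it is my own illustration, not code from IDA, Hex-Rays or the original post. It scans a byte blob for printable ASCII and UTF-16LE runs (Windows binaries store many strings as UTF-16LE, which a plain ASCII `strings` pass misses), then tags each hit with a hypothetical indicator label (URL, Run key, path, DLL, API-style name). The input is a constructed blob, not a real executable, and the rule names are assumptions for the example.

```python
import re
from typing import Iterator, List, Tuple

# Constructed sample: a byte blob standing in for a slice of an executable's
# data section (NOT a real binary). It mixes ASCII strings, UTF-16LE strings
# and junk so both extraction passes have something to find.
SAMPLE = (
    b"\x00\x01MZ\x90\x00\x03"
    + b"kernel32.dll\x00"
    + b"CreateFileW\x00"
    + b"http://example.invalid/update.bin\x00"
    # Extra NUL acts as alignment padding. A lone NUL between an ASCII string
    # and a UTF-16LE string would let the UTF-16 scanner absorb the ASCII
    # string's last character ("n\x00S\x00o\x00..."), a classic false hit.
    + b"\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
    + b"\x00\x00"
    + b"\x7f\x12ab\x00\x00"  # "ab" is too short to count as a string
    + "C:\\Users\\Public\\svc.exe".encode("utf-16le")
    + b"\x00\x00\xff\xfe"
)

MIN_LEN = 5  # minimum run length, same default as the classic strings(1)

Hit = Tuple[int, str, str]  # (offset, encoding, decoded text)


def ascii_strings(data: bytes, min_len: int = MIN_LEN) -> Iterator[Hit]:
    """Yield runs of printable ASCII (0x20..0x7e) at least min_len long."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), "ascii", m.group().decode("ascii")


def utf16le_strings(data: bytes, min_len: int = MIN_LEN) -> Iterator[Hit]:
    """Yield runs of printable-ASCII-then-NUL pairs, i.e. UTF-16LE text."""
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def extract(data: bytes, min_len: int = MIN_LEN) -> List[Hit]:
    """Both passes merged and ordered by file offset."""
    return sorted(list(ascii_strings(data, min_len)) + list(utf16le_strings(data, min_len)))


# Hypothetical indicator rules for this example; first match wins, so the
# more specific patterns (URL, Run key) are listed before the generic ones.
INDICATOR_RULES = [
    ("url", re.compile(r"^https?://", re.I)),
    ("registry-run-key", re.compile(r"CurrentVersion\\Run", re.I)),
    ("windows-path", re.compile(r"^[A-Za-z]:\\")),
    ("dll", re.compile(r"\.dll$", re.I)),
    # CamelCase identifier with optional A/W suffix, e.g. CreateFileW
    ("api-name", re.compile(r"^[A-Z][a-z]+(?:[A-Z][a-z0-9]+)+[AW]?$")),
]


def classify(text: str) -> str:
    for label, rx in INDICATOR_RULES:
        if rx.search(text):
            return label
    return "other"


def triage(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str, str]]:
    """Extracted strings with an indicator label attached to each."""
    return [(off, enc, text, classify(text)) for off, enc, text in extract(data, min_len)]


if __name__ == "__main__":
    for off, enc, text, label in triage(SAMPLE):
        print(f"0x{off:04x} {enc:8} {label:17} {text}")
```

The UTF-16LE pass is the part a plain ASCII extractor lacks: the registry Run key and the path in the sample only surface through it. The padding comment marks the real-world caveat that a UTF-16 run can swallow the trailing byte of a neighbouring ASCII string, so offsets and first characters of UTF-16 hits deserve a second look in a hex view.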

IDA Pro is a platform that integrates multiple functions: it can work as a disassembler, debugger and decompiler, all rolled into one.

As a disassembler, IDA Pro takes machine-executable code and generates assembly-language source from it. The disassembly process can be extended via "IDC scripts," which users can take as a basis for their own scripts but which are mostly used to modify the generated output. Hex-Rays has also equipped the product with an SDK so that users can develop extensions in Python.

As a debugger for executables, IDA Pro supports Windows PE, Mac OS X Mach-O and Linux ELF.

The decompiler plug-in usually comes at an extra price. 

IDA Pro can (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/cZ283OE903Y/