Tuesday, May 31, 2011

Debugger

Need some background in Assembly, and Intel instructions .. biol.


Currently I am using IDAPro, free version for the so called "RE" purpose. This is tedious, some malware detect the debugger, packed bla bla. Basically this already been known - for preprocessing phase, three obstacles need to be overcome ; deobfuscation, packed binary, encrypted binary.

I wish I could have the plain ones.. yeah, a lot of them. Then concentrate to the first objective of my research - feature selection.

No comments: