Security Basics mailing list archives
RE: Hex editor
From: "Jordan, Jason" <Jordan_Jason () bah com>
Date: Wed, 25 Apr 2007 00:31:40 -0400
Thanks to everyone who responded. I've downloaded some of the hex editors suggested, XVI32, HexWorkshop and HHD. I also downloaded OllyDbg. Thanks again for all the great suggestions and I'm sure I'll have more questions as I get into this.

-----Original Message-----
From: Morgan Reed [mailto:morgan.s.reed () gmail com]
Sent: Monday, April 23, 2007 7:16 PM
To: dallas jordan
Cc: security-basics () securityfocus com
Subject: Re: Hex editor

On 4/19/07, dallas jordan <dallas.jordan () gmail com> wrote:
I would like to start trying to do some reverse engineering of malware, just for learning purposes, and I'd like to get some opinions on a good hex editor. Preferably freeware and beginner friendly, if there is such. I have looked at a couple, but wasn't sure if one was much better than another. I wanted to get some more experienced users' thoughts. Anyone have any suggestions? Thanks.
As many others have suggested, you really need a debugger, not a hex editor (although hex editors do have their place). Personally I use OllyDbg for my dynamic code analysis; IDA Pro[1] *ROCKS* for static code analysis (I haven't really explored the dynamic code debugging features of it as I have a bunch of scripts and so on which depend on OllyDbg (OllyScript also rocks) which I use a lot).

Something else you'll want to do is to study packers. 98% of all malware you will find is packed to A) make the code smaller and B) make analysis a little[2] more difficult. I'd recommend grabbing a few of the easily available packers out there (UPX is probably a good start, it is about the simplest packer out there), packing, say, notepad.exe with them, and then figuring out how to extract the original exe from the packed file.

Other useful tools when it comes to malware analysis (particularly when talking about unpacking) are LordPE Deluxe[3] and Import Reconstructor (Google them).

[1] IIRC there used to be an evaluation version available which wasn't excessively crippled.
[2] How much more difficult depends on the packer.
[3] LordPE Deluxe AFAICT was originally developed by software crackers; when you Google it, be careful which sites you go to as it pops up in some pretty seedy parts of the web.

Morgan
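The packer discussion above is the technical point of this thread, and an added example (mine, not anything posted by Morgan or Jason) shows the defender-side counterpart of that UPX exercise: recognising a packed sample during triage by walking the PE section table for UPX's default section names and for a high-entropy (compressed) section, using only the Python standard library. The PE images it parses are constructed inside the block, and the section-name set and the 7.0 bits-per-byte threshold are my own assumptions, not values from the thread.

```python
import math
import struct
from collections import Counter

KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2"}  # UPX's defaults (assumed list); other packers have their own

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 when every byte value is equally common."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values()) if data else 0.0

def pe_sections(image: bytes):
    """Walk the PE section table, yielding (name, raw_bytes) for each section."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]   # COFF NumberOfSections
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + size_opt                                  # section table follows the optional header
    for i in range(num_sections):
        off = table + 40 * i                                          # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes, threshold: float = 7.0) -> list:
    # Triage heuristics only: a known packer section name, or a section that looks compressed/encrypted.
    findings = []
    for name, data in pe_sections(image):
        if name in KNOWN_PACKER_SECTIONS:
            findings.append(f"section {name!r} is a known packer section name")
        ent = shannon_entropy(data)
        if ent >= threshold:
            findings.append(f"section {name!r} entropy {ent:.2f} >= {threshold}")
    return findings

def build_pe(sections) -> bytes:
    # Constructed test data: a minimal, non-executable PE image carrying just the headers parsed above.
    e_lfanew, ptr = 0x40, 0x40 + 24 + 40 * len(sections)  # no optional header; section data follows the table
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table = body = b""
    for name, data in sections:
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), ptr) + b"\0" * 16
        body += data
        ptr += len(data)
    return dos + coff + table + body

# Constructed samples: UPX keeps UPX0 empty on disk and stores the compressed image in UPX1.
HIGH_ENTROPY = bytes(range(256)) * 16                      # every byte value equally often: entropy 8.0
PACKED_SAMPLE = build_pe([("UPX0", b""), ("UPX1", HIGH_ENTROPY)])
CLEAN_SAMPLE = build_pe([(".text", b"\x55\x8b\xec" * 1000), (".data", b"\0" * 512)])
```

Running `packer_indicators` on a real file is `packer_indicators(open(path, "rb").read())`; the entropy heuristic also fires on legitimately compressed resources, so treat a hit as a prompt to look closer, not as a verdict.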