
I am looking for recommendations in each of the categories

  • free
  • charged

for easy-to-use debuggers fit for Portable Executable (native/non-.NET) malware analysis.

  • PeStudio (comment by @mox, Feb 16, 2013 at 17:07)

3 Answers


In the free category, Olly is the King. If you're using Win XP or older, SoftICE is fantastic as well, though finding a copy of it can be difficult these days.

In the paid category it is IDA Pro, hands down. Chris Eagle wrote an excellent book that shows you how to do advanced reverse engineering with IDA.

Also, to clarify Marco: UPX can only be used to unpack executables that were packed with UPX in the first place. Many malware binaries exceeding modest sophistication use custom packing techniques, which cannot be reversed using UPX.


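The UPX caveat above, and the "unpack with upx" suggestion in the other answers, come down to one practical question: is the sample UPX-packed at all, or packed with something else that `upx -d` will not touch? The following script is an added example, not code from this thread or from the UPX project. It parses the PE section table by hand, flags UPX section names and the "UPX!" marker, and computes per-section entropy as a generic packing indicator. The three PE images it analyses are constructed inline as test data; the 7.0 bits/byte entropy threshold, the 256-byte minimum section size and the verdict strings are the example's own choices, not anything from the answers.

```python
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
HIGH_ENTROPY = 7.0          # bits/byte; compressed or encrypted data usually exceeds this (assumed threshold)
VERDICT_UPX = "upx-packed: try 'upx -d'"
VERDICT_OTHER = "packed/encrypted but not UPX: unpack dynamically in a debugger"
VERDICT_PLAIN = "no packing indicators"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table.
    Returns [(name, virtual_size, raw_bytes), ...]; raises ValueError if this is not a PE."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    num_sections, opt_size = struct.unpack_from("<2xH12xH2x", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER (40 bytes); only the first five fields are needed here
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append((name.rstrip(b"\0"), vsize, raw))
    return sections


def assess_packing(pe: bytes) -> dict:
    """Flag UPX markers and high-entropy sections so the analyst knows whether
    'upx -d' is worth trying or whether the sample needs dynamic unpacking."""
    report = {"sections": {}, "upx_sections": [], "high_entropy_sections": [],
              "upx_marker": b"UPX!" in pe}
    for name, vsize, raw in parse_sections(pe):
        label = name.decode("latin-1")
        ent = shannon_entropy(raw)
        report["sections"][label] = {"virtual_size": vsize, "raw_size": len(raw),
                                     "entropy": round(ent, 2)}
        if name in UPX_SECTION_NAMES:
            report["upx_sections"].append(label)
        # tiny sections give noisy entropy; only trust it above a few hundred bytes
        if len(raw) >= 256 and ent >= HIGH_ENTROPY:
            report["high_entropy_sections"].append(label)
    if report["upx_sections"] or report["upx_marker"]:
        report["verdict"] = VERDICT_UPX
    elif report["high_entropy_sections"]:
        report["verdict"] = VERDICT_OTHER
    else:
        report["verdict"] = VERDICT_PLAIN
    return report


def build_sample_pe(sections, overlay=b"") -> bytes:
    """Constructed test data: a minimal, non-executable PE32 image with the given
    [(name, virtual_size, raw_bytes)] sections and an optional trailing overlay."""
    opt_size, e_lfanew = 0xE0, 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    hdr_len = len(dos) + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = raw_ptr = (hdr_len + 0x1FF) & ~0x1FF          # 0x200 file alignment
    table, body, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF                      # 0x1000 section alignment
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (first_raw - len(image)) + body + overlay


def constructed_samples() -> dict:
    """Three synthetic images: UPX-style, custom packer, and an unpacked binary."""
    rng = random.Random(1337)
    compressed = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for packed data
    plain_code = b"\x55\x8b\xec\x83\xec\x10\x90" * 600             # repetitive x86 prologue bytes
    return {
        "upx":    build_sample_pe([(b"UPX0", 0x20000, b""), (b"UPX1", 0x2000, compressed),
                                   (b".rsrc", 0x1000, b"\0" * 512)], overlay=b"UPX!"),
        "custom": build_sample_pe([(b".text", 0x2000, compressed), (b".data", 0x1000, b"\0" * 512)]),
        "plain":  build_sample_pe([(b".text", 0x2000, plain_code), (b".data", 0x1000, b"\0" * 512)]),
    }


if __name__ == "__main__":
    for label, image in constructed_samples().items():
        r = assess_packing(image)
        print(f"{label:7s} {r['verdict']}")
        for sec, info in r["sections"].items():
            print(f"   {sec:8s} raw={info['raw_size']:6d} vsize={info['virtual_size']:#8x} "
                  f"entropy={info['entropy']:.2f}")
```

On a real sample you would replace `constructed_samples()` with `open(path, "rb").read()`. Note the UPX-style image shows the classic shape: an empty `UPX0` section with a large virtual size that the unpacker fills at runtime, and a high-entropy `UPX1` holding the compressed payload. A custom packer that renames its sections and strips the marker still trips the entropy check, which is exactly the case where `upx -d` fails and the sample has to be unpacked live under OllyDbg, x64dbg or the IDA debugger.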


There is a free Windows debugger (msdn.microsoft.com/en-us/windows/hardware/gg463009)

But you can unpack .exe files with UPX (upx.sourceforge.net) -> open source, and use a widely used free debugger (http://www.ollydbg.de/) --> my recommendation

One charged tool for working with Portable Executables is PE Explorer (www.heaventools.com/overview.htm)

Another great tool is IDA (https://www.hex-rays.com/products/ida/support/tutorials/unpack_pe/manual.shtml) --> my recommendation



If you can't get away with the GUI experience of OllyDbg, you can use x64dbg for 32- and 64-bit. There are also useful plugins. I usually use IDA Pro for static analysis.
