[Discussion] Do you have an analysis format?

February 9th, 2012, 11:36
Hey everyone.

When reversing targets, I have always been writing my findings & comments on the analysis of the target in a Notepad++ file. It is really messy and only I (if at all) can understand it.

Furthermore, I've noticed that if I deal with a really large target with a lot of analysis required, and I'd pause and come back to the target like a week later, I'd forget all the things I've learned about the target, and my messy analysis comments in Notepad++ would be of little help to understand what the hell I was doing.

If I were to try and cooperate with someone to reverse a target, it would be almost impossible for me and him to understand each other's comments without some kind of fixed format.

So, my question to you is: Do you have your own format for writing your analysis, thoughts and ideas about the target you're reversing?

Please post an example format if you have one.

Thanks for any comments!

February 10th, 2012, 12:10
This actually deserves a reply as it's something I'd been thinking for a long time, that "there must be a better way" ;-).

I can't offer you any suggestion other than echo my preferred methods.

i). Notepad; *.txt rules still.
ii). Keeping the commented IDB.
iii). Source code.
iv). All of the above + any files all in a rar/zip archive.

If anyone has something better, I'd like to know, maybe a full CRM is needed for crackers ;-).



February 10th, 2012, 13:23
I use CUEcards 2005 for every target for detailed descriptions, but mostly when I've finished the target. This way I know what I did even when a long time has passed.
Furthermore I use many labels in Olly (mostly at the first instruction inside a call). I give them descriptive names. This helps a lot if I need to pause for some days, because I instantly see what a call does.
I also use Olly's comment function a lot. Doing this I'm quickly up-to-date again.
Additionally I use the Breakpointmanager plugin to save all the breakpoints with comments and the Godup plugin for documentation.
I'm somewhat exhaustive when it comes to documentation because I suffered from losing sight of what I did many times in the past.
At some point I was sick of this, so I started doing as described above.

Hope that helps

Best regards

February 10th, 2012, 14:17
Thanks a lot for your suggestions.

I would like to know if it would be possible to invent some kind of standard Protocol that can accurately describe one's findings about a target.

February 10th, 2012, 23:03
> I would like to know if it would be possible to invent some kind of standard Protocol that can accurately describe one's findings about a target.

I think that would be a good thing.

Back in the day...
Yes, good old notepad.
Mostly paper and a pen for me. I'm too lazy to type.

Some kind of work sheet perhaps.

Packed with:
Encrypted with:
Entry point:

I'm just supposing to get things started.


February 11th, 2012, 12:16
Anyone ever considered using a local EverNote database? I tried once but at some point I was too lazy to fire it up and reverted to some simple text editor.

February 11th, 2012, 19:46

February 12th, 2012, 19:03
notepad.exe, a piece of paper, and pen. Never needed anything else =/

February 16th, 2012, 16:00
I use notepad to type my comments and ideas during the analysis. In addition, I use descriptive names and comments in IDA and Ollydbg. I also tend to save all logs created during the behaviour analysis in folders and put the names of those logs in my notepad file, so I know where to check for additional information if I have any questions later on. And I save a snapshot of the virtual machine I used for as long as I think necessary. Once I'm done with the analysis, I summarize all major/important information in an organized type of report similar to a tut. In addition to these, I keep what I call a blackbook with new techniques or tricks I learned during the analysis.