Assembly in tools like Pyew


Sunk
April 27th, 2012, 07:47
What can you learn about malware from reading assembly with tools like Pyew when you cannot see what is in the registers or memory, have no symbols, etc.?

disavowed
April 29th, 2012, 09:39
You might be able to learn some things (if it's not obfuscated), or you may not be able to learn anything (if it is obfuscated).
Don't limit yourself to just one tool/approach.
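A concrete illustration of that "some things, but not everything" split, added here as an editor's example and not part of any post in this thread: a minimal 32-bit x86 decoder, run over a constructed byte string, that classifies every CALL as statically resolvable (a relative call, or a call through an import-table slot whose name the PE import directory gives you) or runtime-only (a register-indirect call whose target exists only once the code has executed). The image base, the IAT slot-to-name table and the sample bytes are all assumptions constructed for the example; a real tool would fill the table from the import directory, but the point about what disassembly alone can and cannot tell you is the same.

```python
"""Static disassembly: what can be resolved without a debugger and what cannot.

Added example (not from the original thread). Decodes a handful of 32-bit x86
opcodes from a constructed blob and classifies call sites.
"""
import struct

IMAGE_BASE = 0x401000  # assumed load address of the constructed code blob

# Constructed stand-in for what the PE import directory says about IAT slots.
IAT = {
    0x402000: "kernel32!LoadLibraryA",
    0x402004: "kernel32!GetProcAddress",
}

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed sample: a tiny LoadLibraryA/GetProcAddress resolver stub.
SAMPLE = bytes.fromhex(
    "68 00 30 40 00"      # push 0x403000      imm32, probably a string pointer
    "FF 15 00 20 40 00"   # call [0x402000]    IAT slot -> LoadLibraryA (static)
    "68 10 30 40 00"      # push 0x403010
    "50"                  # push eax
    "FF 15 04 20 40 00"   # call [0x402004]    IAT slot -> GetProcAddress (static)
    "FF D0"               # call eax           target known only at runtime
    "E8 02 00 00 00"      # call +2            relative -> resolvable statically
    "C3"                  # ret
    "90 90"               # nop; nop
)


def decode(code: bytes, base: int):
    """Return a list of (address, length, mnemonic, operand, call_info).

    call_info is None for non-calls; for calls it is a dict with 'kind' in
    {'direct', 'import', 'indirect'} and 'target' (None when unresolvable).
    """
    out, i = [], 0
    while i < len(code):
        addr, op = base + i, code[i]
        nxt = code[i + 1] if i + 1 < len(code) else None
        if op == 0x90:
            out.append((addr, 1, "nop", "", None)); i += 1
        elif op == 0xC3:
            out.append((addr, 1, "ret", "", None)); i += 1
        elif 0x50 <= op <= 0x57:                      # push r32
            out.append((addr, 1, "push", REGS32[op - 0x50], None)); i += 1
        elif op == 0x68:                              # push imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            out.append((addr, 5, "push", f"0x{imm:x}", None)); i += 5
        elif op == 0xE8:                              # call rel32
            rel = struct.unpack_from("<i", code, i + 1)[0]
            target = addr + 5 + rel                   # relative to next instruction
            out.append((addr, 5, "call", f"0x{target:x}",
                        {"kind": "direct", "target": target})); i += 5
        elif op == 0xFF and nxt == 0x15:              # call [disp32]
            slot = struct.unpack_from("<I", code, i + 2)[0]
            out.append((addr, 6, "call", f"[0x{slot:x}]",
                        {"kind": "import", "slot": slot, "target": IAT.get(slot)})); i += 6
        elif op == 0xFF and nxt is not None and 0xD0 <= nxt <= 0xD7:   # call r32
            out.append((addr, 2, "call", REGS32[nxt - 0xD0],
                        {"kind": "indirect", "target": None})); i += 2
        else:                                         # anything this toy does not know
            out.append((addr, 1, "db", f"0x{op:02x}", None)); i += 1
    return out


def classify_calls(code: bytes, base: int = IMAGE_BASE):
    """Split call sites into (resolved, unresolved) purely from the bytes."""
    resolved, unresolved = [], []
    for addr, _, mnem, operand, info in decode(code, base):
        if mnem != "call":
            continue
        if info["target"] is None:
            unresolved.append((addr, operand))        # needs a debugger or emulation
        else:
            resolved.append((addr, operand, info["target"]))
    return resolved, unresolved


if __name__ == "__main__":
    for addr, _, mnem, operand, _ in decode(SAMPLE, IMAGE_BASE):
        print(f"{addr:08x}  {mnem:<5} {operand}")
    resolved, unresolved = classify_calls(SAMPLE)
    print("statically resolved:", resolved)
    print("runtime only:      ", unresolved)
```

Run as-is, the listing shows both imports and the relative call resolved from the bytes alone, while `call eax` stays unresolved: the return value of GetProcAddress is exactly the sort of thing a debugger shows you in a register and static disassembly never will, which is also why obfuscated or packed samples that resolve every API this way look empty in a plain disassembler.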

Sunk
April 29th, 2012, 09:57
I was actually thinking yesterday that malware analysis is kind of like analyzing network traffic. Proxy logs, session data, firewall logs, IDS logs, etc. all tell you something, but not everything. So I think you're right, but with me being used to a debugger I still feel blind when looking at just plain disassembly in Pyew.

Is there anything you can learn from disassembly with tools like Pyew that you can't learn from a debugger a lot easier?

disavowed
April 29th, 2012, 19:33
I recommend you read the features of Pyew to understand what it can and can't do.