Thread: How is this guy stepping through Olly so quickly?

    How is this guy stepping through Olly so quickly?

    How is he going through Olly so fast? He's obviously not reading everything, what is he looking at?

    Reversinglabs is a pro outfit.
    All they do is rip shit apart, be it malwares/virii,
    or plain old programs. Analyze enough of that crap
    and I am sure you can get rather proficient
    at recognizing patterns.

    Or, the person doing the tut has ripped that mal
    apart numerous times and knows where to look.

    Learn Or Die.

    I see, well if they are just going by patterns, I take it they are looking at the assembly window, right? I have Practical Malware Analysis pre-ordered so I'm sure I'll learn a thing or two about assembly and debugging. I won't be flying through Olly like that anytime soon though

    that video may be edited to make it look fast too

    all that guy is doing is jumping out of loops and skipping old known patterns

    suppose you have a sequence like this

    block start
    some crap
    jmp within block
    some more crap
    jmp on condition within block
    some more crap
    jmp out of block on condition
    some more bs
    jmp to start of block
    more fizz
    jmp within block
    end of block

    there is only one exit out of this seemingly obscure block and once you step through assembly a few times you can recognize exits very fast
    all you need to do is set a break on exit and run the proggie (there are pitfalls in what i simplistically state but 99% of the time you can safely exit from blocks
    if you understand patterns)

    the other thing is he know what decompression routines etc look like (see the apcode comment in the video)
    so he simply skips them by breaking and stepping on exits

    take an upx packed executable and practice single stepping the unpacking code

    the signature for most pros out there is they see a pushad
    then look for a popad jmp dest sequence set a bp on jmp dest and f8 once to reach entry point proggie unpacked

    it might look like flying through the code but it is simply skipping whats boring routine which they know wont affect their analysis

    Yeah, I was going to comment that that vid might be a good example to study for clues to "Zen" reversing. The boring blocks as blabberer mentions, that don't need to be examined too closely seem to be nicely highlighted, while important parts are commented. Key in on the instruction types where the stops are made.

    I've never had the patience to follow video tuts, I guess they do go too fast to get much from unless you takes lots of time studying them. I haven't looked into this, but I'm wondering if there's a way to download Youtubes and play them back at a slower rate? i.e. is there a 'Roni Amazing SlowDowner' for Adobe Flash Player? A quick search hints that FLV Player, VLC or Flash Bookmarklets might do something like that. Seems like that would be something useful to be able to follow these manic video tuts...

    i dont watch you tube it is a headache when looking at streaming crap on unstable slow connections

    i use firefox addon

    simply choose the smallest download (there are 100s of sd / hd / low / high / bold / sexy / kinky / versions of the same flv in you tube ) download it and view it on old windows media player where i can view it on my terms and my speed on my time and if i need to rewatch it i dont have to put up crazy / slow / buffering crap

    simply rewind and restart or drag front and back

    lol the vids screen are so small I don't think I wanna watched a second you might need a magnifying glass

    Reverse the code,Reverse Your Minds First

