
Thread: [Discussion] Do you have an analysis format?

  1. #1


    Hey everyone.

    When reversing targets, I have always been writing my findings & comments on the analysis of the target in a Notepad++ file. It is really messy and only I (if at all) can understand it.

    Furthermore, I've noticed that if I deal with a really large target with a lot of analysis required, and I'd pause and come back to the target like a week later, I'd forget all the things I've learned about the target, and my messy analysis comments in Notepad++ would be of little help to understand what the hell I was doing.

    If I were to try and cooperate with someone to reverse a target, it would be almost impossible for me and him to understand each other's comments without some kind of fixed format.

    So, my question to you is: Do you have your own format for writing your analysis, thoughts and ideas about the target you're reversing?

    Please post an example format if you have one.

    Thanks for any comments!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    This actually deserves a reply as it's something I'd been thinking for a long time that "there must be a better way" ;-).

    I can't offer you any suggestion other than echo my preferred methods.

    i). Notepad; *.txt rules still.
    ii). Keeping the commented IDB.
    iii). Source code.
    iv). All of the above + any files all in a rar/zip archive.

    If anyone has something better, I'd like to know, maybe a full CRM is needed for crackers ;-).



  3. #3
    I use CUEcards 2005 for every target for detailed descriptions, but mostly when I've finished the target. This way I know what I did even when a long time has passed.
    Furthermore I use many labels in Olly (mostly at the first instruction inside a call). I give them descriptive names. This helps a lot if I need to pause for some days, because I instantly see what a call does.
    I also use Olly's comment function a lot. Doing this I'm quickly up-to-date again.
    Additionally I use the Breakpointmanager plugin to save all the breakpoints with comments and the Godup plugin for documentation.
    I'm somewhat exhaustive when it comes to documentation because I suffered from losing sight of what I did many times in the past.
    At some point I was sick of this, so I started doing as described above.

    Hope that helps

    Best regards
    I flout Chuck Norris, Spongebob barbecues underwater!

  4. #4
    Thanks a lot for your suggestions.

    I would like to know if it would be possible to invent some kind of standard Protocol that can accurately describe one's findings about a target.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    I would like to know if it would be possible to invent some kind of standard Protocol that can accurately describe one's findings about a target.
    I think that would be a good thing.

    Back in the day............
    Yes, good old note pad.
    Mostly paper and a pen for me. I'm too lazy to type.

    Some kind of work sheet perhaps.

    Packed with:
    Encrypted with:
    Entry point:

    I'm just supposing to get things started.

    Learn Or Die.

  6. #6
    Anyone ever considered using a local EverNote database? I tried once but at some point I was too lazy to fire it up and reverted to some simple text editor.

  7. #7

  8. #8
    notepad.exe, a piece of paper, and pen. Never needed anything else =/

  9. #9
    I use notepad to type my comments and ideas during the analysis. In addition, I use descriptive names and comments in IDA and Ollydbg. I also tend to save all logs created during the behaviour analysis in folders and put the names of those logs in my notepad file, so I would know where to check for additional information if I have any question later on. And I save a snapshot of the virtual machine I used for as long as I think necessary. Once I'm done with the analysis, I summarize all major/important information in an organized type of report similar to a tut. In addition to these, I keep what I call a blackbook with new techniques or tricks I learned during the analysis.
