Reverse Engineering Win32 Trojans on Linux
slackrootcyc writes "A post (and previous article) give a detailed examination of the reversing process, using a trojan found in the wild. Later on in the story it discusses some techniques for reversing Windows-native code entirely under Linux."
Maybe, except that these things are rare on Linux and when they happen, they're nearly always a trojan. They happen a lot more often on Windoze and most of them there are chaotic viruses.
Luke-Jr
I know a Windows underground group which is converting M$ Windows trojans to Mac OS-X. They just think it's cool - that's their motivation. I don't see what's so cool in it.
They actually do make some of the viruses. (Which is plural of virus.) But they don't make the trojans. The trojans are made so that people can gain remote access to your computer for a few reasons. Either they want your hdd space or they want personal information about you. Even something as benign as VNC or Radmin can be turned to the "dark side."
I've been here a little over a month and this is far more interesting than any case modding story that I've seen. This is the sort of article that I read slashdot for.
Life sucks, but death doesn't put out at all....
--Thomas J. Kopp
Russian crackers would happily tell you all about this, just like they happily tell the owners of the software they've cracked when they're slapped with Cease and Desists.
---
When I grow up, I want to be a kid again.
Actually, the missing parts of Wine are now mostly common controls or desktop components. For debugging low level stuff, Wine is invaluable as it can show you exactly what API calls a program is making, with parameters, filtered according to type.
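The comment above describes Wine's ability to log every Win32 API call a binary makes (its relay trace, enabled with WINEDEBUG=+relay). The script below is an added example, written for this page and not part of the original article or any commenter's post: it parses a small constructed relay-style trace and pulls out the file, registry and socket calls an analyst would look at first when triaging a sample. The line format is approximated from Wine's relay channel, the sample lines are constructed, and the WATCHED table is an assumed starting list, not anything Wine itself provides.

```python
import re
from collections import Counter

# Constructed sample in the style of a Wine relay trace (WINEDEBUG=+relay).
# Real traces are much longer; the line layout here is an approximation.
SAMPLE_TRACE = r"""
0009:Call KERNEL32.CreateFileA(00409c80 "C:\\windows\\system32\\drivers\\etc\\hosts",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401234
0009:Ret  KERNEL32.CreateFileA() retval=00000044 ret=00401234
0009:Call ADVAPI32.RegSetValueExA(00000050,00409d00 "Updater",00000000,00000001,00409d10,00000020) ret=00401260
0009:Ret  ADVAPI32.RegSetValueExA() retval=00000000 ret=00401260
0009:Call WS2_32.connect(00000048,00409e00,00000010) ret=004012a0
0009:Ret  WS2_32.connect() retval=00000000 ret=004012a0
0009:Call USER32.GetMessageA(0033fe80,00000000,00000000,00000000) ret=004012f0
0009:Ret  USER32.GetMessageA() retval=00000001 ret=004012f0
"""

# One "Call" line: thread id, DLL, function, raw argument text, return address.
CALL_RE = re.compile(
    r'^(?P<tid>[0-9a-f]{4}):Call (?P<dll>[^.]+)\.(?P<func>\w+)'
    r'\((?P<args>.*)\) ret=(?P<ret>[0-9a-f]+)$'
)

# Assumed watch list of APIs that usually matter in trojan triage
# (file writes, persistence via the registry, outbound connections).
WATCHED = {
    "KERNEL32": {"CreateFileA", "CreateFileW", "WriteFile",
                 "CreateProcessA", "CreateProcessW"},
    "ADVAPI32": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA"},
    "WS2_32": {"connect", "send", "recv", "WSAConnect"},
}


def parse_calls(trace):
    """Return one dict per 'Call' line; 'Ret' lines are skipped."""
    calls = []
    for line in trace.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls.append({k: m.group(k) for k in ("tid", "dll", "func", "args", "ret")})
    return calls


def calls_by_dll(calls):
    """Count calls per DLL, a quick picture of what the sample touches."""
    return Counter(c["dll"] for c in calls)


def watched_calls(calls):
    """Keep only the calls on the watch list, in trace order."""
    return [c for c in calls if c["func"] in WATCHED.get(c["dll"], set())]


def string_args(call):
    """Extract the quoted string arguments Wine prints next to pointers."""
    return re.findall(r'"((?:[^"\\]|\\.)*)"', call["args"])


if __name__ == "__main__":
    calls = parse_calls(SAMPLE_TRACE)
    print("calls per DLL:", dict(calls_by_dll(calls)))
    for c in watched_calls(calls):
        print(f'{c["dll"]}.{c["func"]} strings={string_args(c)} ret={c["ret"]}')
```

Running it against a real trace is a matter of replacing SAMPLE_TRACE with the captured log; the per-DLL counts give the overall shape of the sample's behaviour, and the watched list narrows thousands of lines down to the handful of calls worth reading in full.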