Slashdot Mirror


Reverse Engineering Win32 Trojans on Linux

slackrootcyc writes "A post (and previous article) give a detailed examination of the reversing process, using a trojan found in the wild. Later on in the story it discusses some techniques for reversing Windows-native code entirely under Linux."

5 of 86 comments

  1. Re:on a related note by Luke-Jr · Score: 2, Interesting

    Maybe, except that these things are rare on Linux and when they happen, they're nearly always a trojan. They happen a lot more often on Windoze and most of them there are chaotic viruses.

    --
    Luke-Jr
  2. On Mac OS-X by Anonymous Coward · Score: 3, Interesting

    I know a Windows underground group which is converting M$ Windows trojans to Mac OS-X. They just think it's cool - that's their motivation. I don't see what's so cool in it.

  3. Re:Too bad no one here cares about ASM... by OneEyedApe · Score: 2, Interesting

    I've been here a little over a month and this is far more interesting than any case modding story that I've seen. This is the sort of article that I read slashdot for.

    --
    Life sucks, but death doesn't put out at all....
    --Thomas J. Kopp
  4. Re:Not a big deal. But could get expensive. by Ninja+Master+Gara · Score: 3, Interesting

    Reverse engineering is protected indirectly by laws in other countries that override the EULAs, since those clauses are not valid under the state laws.

    Russian crackers would happily tell you all about this, just like they happily tell the owners of the software they've cracked when they're slapped with Cease and Desists.

    --
    When I grow up, I want to be a kid again.
  5. Re:Reverse engineering with WINE by IamTheRealMike · Score: 5, Interesting

    Actually the missing parts of Wine are now mostly common controls or desktop components. For debugging low level stuff, Wine is invaluable as it can show you exactly what API calls a program is making, with parameters, filtered according to type.
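The API-call view that the comment above describes is what Wine's relay tracer produces when the debug channel is enabled (`WINEDEBUG=+relay`). As an added example, not code from the article or from the Wine project, here is a small Python triage script that parses a constructed excerpt of such a trace, pairs each Call with its return value per thread, and filters by DLL so an analyst can pull out file, registry and socket activity. The trace line format is assumed from Wine's relay output; the sample lines and the `svc.exe` path are constructed, not taken from any real sample.

```python
import re
from collections import Counter

# Constructed sample of Wine "+relay" output (format assumed; values made up).
# "Call" lines carry the DLL, function and arguments; "Ret" lines carry retval.
SAMPLE_TRACE = r"""0009:Call kernel32.CreateFileA(0041d0b8 "C:\windows\svc.exe",40000000,00000000,00000000,00000002,00000080,00000000) ret=0040103a
0009:Ret  kernel32.CreateFileA() retval=00000034 ret=0040103a
0009:Call advapi32.RegCreateKeyExA(80000002,0041d100 "Software\Microsoft\Windows\CurrentVersion\Run",00000000,00000000,00000000,000f003f,00000000,0041d1a0,00000000) ret=00401062
0009:Ret  advapi32.RegCreateKeyExA() retval=00000000 ret=00401062
0009:Call ws2_32.connect(00000038,0041d200,00000010) ret=004010a4
0009:Ret  ws2_32.connect() retval=ffffffff ret=004010a4
0009:Call user32.MessageBoxA(00000000,0041d300 "done",0041d310 "x",00000000) ret=004010c0
0009:Ret  user32.MessageBoxA() retval=00000001 ret=004010c0
"""

CALL_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):Call (?P<dll>\w+)\.(?P<func>\w+)\((?P<args>.*)\) ret=(?P<ret>[0-9a-f]+)$")
RET_RE = re.compile(r"^(?P<tid>[0-9a-f]{4}):Ret\s+(?P<dll>\w+)\.(?P<func>\w+)\(\) retval=(?P<retval>[0-9a-f]+) ret=(?P<ret>[0-9a-f]+)$")

def parse_relay(text):
    """Return one record per Call line, with retval filled in from the matching
    Ret line. Calls nest, so each thread keeps a LIFO stack of open calls."""
    pending, calls = {}, []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            rec = {"tid": m["tid"], "dll": m["dll"], "func": m["func"],
                   "args": m["args"], "retval": None}
            calls.append(rec)
            pending.setdefault(m["tid"], []).append(rec)
            continue
        m = RET_RE.match(line)
        if m and pending.get(m["tid"]):
            rec = pending[m["tid"]].pop()
            if rec["func"] == m["func"]:
                rec["retval"] = int(m["retval"], 16)
    return calls

def filter_calls(calls, dlls):
    """Keep only calls into the given DLLs (case-insensitive), preserving order."""
    wanted = {d.lower() for d in dlls}
    return [c for c in calls if c["dll"].lower() in wanted]

def quoted_strings(args):
    """Pull the string arguments Wine prints in quotes (paths, key names, hosts)."""
    return re.findall(r'"([^"]*)"', args)

def summarize(calls):
    """Count calls per (dll, function) to spot what the sample does most."""
    return Counter((c["dll"], c["func"]) for c in calls)

if __name__ == "__main__":
    for c in filter_calls(parse_relay(SAMPLE_TRACE), ["kernel32", "advapi32", "ws2_32"]):
        print(c["dll"], c["func"], quoted_strings(c["args"]), hex(c["retval"]))
```

A full relay trace of a real binary runs to many thousands of lines, so the DLL filter (or Wine's own channel filtering) is what keeps the output readable.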