Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse Engineering Win32 Trojans on Linux

Posted by michael on from the clean-room dept.

slackrootcyc writes "A post (and previous article) give a detailed examination of the reversing process, using a trojan found in the wild. Later on in the story it discusses some techniques for reversing Windows-native code entirely under Linux."

1 of 86 comments (clear)

  1. Too bad no one here cares about ASM... by SexyKellyOsbourne · · Score: 5, Troll

    This is some pretty neat stuff: the author details how to find a needle in a haystack for a virus establishing a TCP connection from nothing more than raw dissassembly, and then how to use breakpoints in the WINE program to get gdb to work with it.

    Though you can do that with a simple netstat, it opens up ways to find everything else about the trojan, too, without the risk of raping your native environment Windows system.

    Too bad most nu-geek slashdotters would rather hear about someone putting a neon rope light inside their computer case.