IDA tool for malware analysis

1. Disassembly
UsingIDA
Hossein Yavari
March 2022
1

2. What is a
disassembler?
– A program that translates
machine code back to assembly
code.
– It allows you to perform static
code analysis.
– Static code analysis: a technique
you can use to interpret the code
to understand the program's
behavior, without executing the
binary.
2

3. What is a
debugger?
– A debugger is a program which also
disassembles the code; apart from that,
– It allows you to execute the compiled
binary in a controlled manner.
– It allows you execute either a single
instruction or selected functions, instead
of executing the entire program.
– A Debugger allows you to perform
dynamic code analysis, and helps you
examine the aspects of the suspect binary
while it is running.
3

4. What is a de-
compiler?
– A program that translates
the machine code into the
code in a high-level
language (pseudocode).
– De-compilers can greatly
assist you with the reverse
engineering process and
can simplify your work.
4
Source: Canzanese, Raymond & Oyer, M & Mancoridis, Spiros &
Kam, Moshe. (2005). A survey of reverse engineering tools for the
32-bit Microsoft Windows environment.

5. IDA Pro tool
– Interactive Disassembler
(IDA)
– A powerful disassembler
and a versatile debugger.
– It is used for reverse
engineering.
– https://hex-rays.com/ida-
pro/
5

6. IDA Pro tool (Cont.)
– IDA Pro has become the de-facto
standard for the analysis of hostile
code, vulnerability research and
commercial off-the-shelf validation.
6

7. IDA
Versions
7

8. IDAPro
8

9. IDA alternative
– x64dbg
– An open-source
x64/x32 debugger for
windows.
– https://x64dbg.com/
9

10. ThankYou
10

11. 11
References
https://www.packtpub.com/product/learning-malware-analysis/9781788392501