Hossein Yavari, profile picture
Uploaded byHossein Yavari
116 views

Disassembly Using IDA

This document defines and compares disassemblers, debuggers, and decompilers. It then discusses the IDA Pro tool in more detail. A disassembler translates machine code back to assembly code, enabling static code analysis. A debugger also disassembles code but allows controlled execution and dynamic analysis. A decompiler translates machine code into high-level code. The document recommends IDA Pro as a powerful disassembler and debugger that has become a standard for reverse engineering. It also briefly mentions the open-source x64dbg debugger as an alternative.

Software
Related topics:
Malware Analysis Guide

Embed presentation

Download to read offline
Disassembly UsingIDA Hossein Yavari March 2022 1
What is a disassembler? – A program that translates machine code back to assembly code. – It allows you to perform static code analysis. – Static code analysis: a technique you can use to interpret the code to understand the program's behavior, without executing the binary. 2
What is a debugger? – A debugger is a program which also disassembles the code; apart from that, – It allows you to execute the compiled binary in a controlled manner. – It allows you execute either a single instruction or selected functions, instead of executing the entire program. – A Debugger allows you to perform dynamic code analysis, and helps you examine the aspects of the suspect binary while it is running. 3
What is a de- compiler? – A program that translates the machine code into the code in a high-level language (pseudocode). – De-compilers can greatly assist you with the reverse engineering process and can simplify your work. 4 Source: Canzanese, Raymond & Oyer, M & Mancoridis, Spiros & Kam, Moshe. (2005). A survey of reverse engineering tools for the 32-bit Microsoft Windows environment.
IDA Pro tool – Interactive Disassembler (IDA) – A powerful disassembler and a versatile debugger. – It is used for reverse engineering. – https://hex-rays.com/ida- pro/ 5
IDA Pro tool (Cont.) – IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation. 6
IDA Versions 7
IDAPro 8
IDA alternative – x64dbg – An open-source x64/x32 debugger for windows. – https://x64dbg.com/ 9
ThankYou 10
11 References https://www.packtpub.com/product/learning-malware-analysis/9781788392501

More Related Content

PDF
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
PPTX
Reverse Engineering.pptx
bySameer Sapra
 
PPTX
IDAPRO
byMatt Vieyra
 
PPTX
Reverse Engineering 101
byysurer
 
PPT
UNIT 3.1 INTRODUCTON TO IDA.ppt
byManjuAppukuttan2
 
PDF
Unit 4 Reverse Engineering Tools Functionalities & Use-Cases.pdf
byChatanBawankar
 
PPT
UNIT 3.2 GETTING STARTED WITH IDA.ppt
byManjuAppukuttan2
 
PDF
2023-02-22_Tiberti_CyberX.pdf
bycifoxo
 
Hacking with Reverse Engineering and Defense against it
byPrakashchand Suthar
 
Reverse Engineering.pptx
bySameer Sapra
 
IDAPRO
byMatt Vieyra
 
Reverse Engineering 101
byysurer
 
UNIT 3.1 INTRODUCTON TO IDA.ppt
byManjuAppukuttan2
 
Unit 4 Reverse Engineering Tools Functionalities & Use-Cases.pdf
byChatanBawankar
 
UNIT 3.2 GETTING STARTED WITH IDA.ppt
byManjuAppukuttan2
 
2023-02-22_Tiberti_CyberX.pdf
bycifoxo
 

Similar to Disassembly Using IDA

PPTX
Malware 101 by saurabh chaudhary
bySaurav Chaudhary
 
PPTX
ASSEMBLER AND DEBUGGER.pptx lect 4 cs5.pptx
byAbdul salam
 
PPTX
Introduction to system programming
bysonalikharade3
 
PPTX
Windows Crash Dump Analysis
byMicrosoft TechNet - Belgium and Luxembourg
 
PPT
E.s unit 6
bySneha Chopra
 
PDF
Decompiling Android Discover How Android Apps Are Compiled And Built To Secur...
bywayhoyaluc
 
PPTX
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
bynull - The Open Security Community
 
PDF
UnDeveloper Studio
byChristien Rioux
 
PPTX
Null bhopal 21042019_re_4w4r44
bySaurav Chaudhary
 
PDF
CNIT 126 5: IDA Pro
bySam Bowne
 
PDF
Introduction to ida python
bygeeksec80
 
PPTX
Practical Malware Analysis: Ch 5: IDA Pro
bySam Bowne
 
PDF
Half-automatic Compilable Source Code Recovery
byJoxean Koret
 
PPT
Reverse engineering
bySaswat Padhi
 
PPTX
One Engine Two Tools
byChris Eargle
 
PDF
CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov
byCODE BLUE
 
PDF
Reversing & malware analysis training part 5 reverse engineering tools basics
byAbdulrahman Bassam
 
PPTX
Advanced malware analysis training session5 reversing automation
byCysinfo Cyber Security Community
 
PPTX
CarolinaCon 2009 Anti-Debugging
byTyler Shields
 
PPTX
Slide Reverse Engineering an APT Malware targeting Vietnamese
byMinh-Triet Pham Tran
 
Malware 101 by saurabh chaudhary
bySaurav Chaudhary
 
ASSEMBLER AND DEBUGGER.pptx lect 4 cs5.pptx
byAbdul salam
 
Introduction to system programming
bysonalikharade3
 
Windows Crash Dump Analysis
byMicrosoft TechNet - Belgium and Luxembourg
 
E.s unit 6
bySneha Chopra
 
Decompiling Android Discover How Android Apps Are Compiled And Built To Secur...
bywayhoyaluc
 
Reverse Engineering and It’s Basic by Prasenjit Kanti Paul.pptx
bynull - The Open Security Community
 
UnDeveloper Studio
byChristien Rioux
 
Null bhopal 21042019_re_4w4r44
bySaurav Chaudhary
 
CNIT 126 5: IDA Pro
bySam Bowne
 
Introduction to ida python
bygeeksec80
 
Practical Malware Analysis: Ch 5: IDA Pro
bySam Bowne
 
Half-automatic Compilable Source Code Recovery
byJoxean Koret
 
Reverse engineering
bySaswat Padhi
 
One Engine Two Tools
byChris Eargle
 
CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov
byCODE BLUE
 
Reversing & malware analysis training part 5 reverse engineering tools basics
byAbdulrahman Bassam
 
Advanced malware analysis training session5 reversing automation
byCysinfo Cyber Security Community
 
CarolinaCon 2009 Anti-Debugging
byTyler Shields
 
Slide Reverse Engineering an APT Malware targeting Vietnamese
byMinh-Triet Pham Tran
 

More from Hossein Yavari

PPTX
Malware Static Analysis
byHossein Yavari
 
PPTX
Introduction to Snort
byHossein Yavari
 
PDF
DLL Injection
byHossein Yavari
 
PDF
Introduction to Metasploit
byHossein Yavari
 
PDF
Which IT Certification is Better for You?
byHossein Yavari
 
PDF
SIPREC RTPEngine Media Forking
byHossein Yavari
 
PDF
IPsec for IMS
byHossein Yavari
 
PDF
What is Matroska?
byHossein Yavari
 
PPTX
SQL Injection in JAVA
byHossein Yavari
 
PDF
SENA Cloud UC
byHossein Yavari
 
PDF
eSIM Deep Dive
byHossein Yavari
 
PDF
Yeastar Technical Training Course
byHossein Yavari
 
PDF
Introduction to DIAMETER
byHossein Yavari
 
PDF
FreePBX Disaster Recovery
byHossein Yavari
 
PDF
Windows Forensics
byHossein Yavari
 
PPTX
Desjardins Data Breach
byHossein Yavari
 
PDF
eSIM Overview
byHossein Yavari
 
PDF
LTE Architecture Overview
byHossein Yavari
 
PDF
Creativity and Role of the Leaders
byHossein Yavari
 
PPTX
SIP over TLS
byHossein Yavari
 
Malware Static Analysis
byHossein Yavari
 
Introduction to Snort
byHossein Yavari
 
DLL Injection
byHossein Yavari
 
Introduction to Metasploit
byHossein Yavari
 
Which IT Certification is Better for You?
byHossein Yavari
 
SIPREC RTPEngine Media Forking
byHossein Yavari
 
IPsec for IMS
byHossein Yavari
 
What is Matroska?
byHossein Yavari
 
SQL Injection in JAVA
byHossein Yavari
 
SENA Cloud UC
byHossein Yavari
 
eSIM Deep Dive
byHossein Yavari
 
Yeastar Technical Training Course
byHossein Yavari
 
Introduction to DIAMETER
byHossein Yavari
 
FreePBX Disaster Recovery
byHossein Yavari
 
Windows Forensics
byHossein Yavari
 
Desjardins Data Breach
byHossein Yavari
 
eSIM Overview
byHossein Yavari
 
LTE Architecture Overview
byHossein Yavari
 
Creativity and Role of the Leaders
byHossein Yavari
 
SIP over TLS
byHossein Yavari
 

Recently uploaded

PDF
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PPTX
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PPTX
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
PDF
Presentation Empowerment Technology in ICT
byoryoseiii
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PDF
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PDF
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
PDF
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
PDF
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
Breaking the Vulnerability Management Cycle with Anchore and Echo
byAnchore
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
Presentation Empowerment Technology in ICT
byoryoseiii
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
Internship Project Training Report-3.pdf
byPawank36
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 

Disassembly Using IDA

  • 1.
  • 2.
    What is a disassembler? –A program that translates machine code back to assembly code. – It allows you to perform static code analysis. – Static code analysis: a technique you can use to interpret the code to understand the program's behavior, without executing the binary. 2
  • 3.
    What is a debugger? –A debugger is a program which also disassembles the code; apart from that, – It allows you to execute the compiled binary in a controlled manner. – It allows you execute either a single instruction or selected functions, instead of executing the entire program. – A Debugger allows you to perform dynamic code analysis, and helps you examine the aspects of the suspect binary while it is running. 3
  • 4.
    What is ade- compiler? – A program that translates the machine code into the code in a high-level language (pseudocode). – De-compilers can greatly assist you with the reverse engineering process and can simplify your work. 4 Source: Canzanese, Raymond & Oyer, M & Mancoridis, Spiros & Kam, Moshe. (2005). A survey of reverse engineering tools for the 32-bit Microsoft Windows environment.
  • 5.
    IDA Pro tool –Interactive Disassembler (IDA) – A powerful disassembler and a versatile debugger. – It is used for reverse engineering. – https://hex-rays.com/ida- pro/ 5
  • 6.
    IDA Pro tool(Cont.) – IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation. 6
  • 7.
  • 8.
  • 9.
    IDA alternative – x64dbg –An open-source x64/x32 debugger for windows. – https://x64dbg.com/ 9
  • 10.
  • 11.