Today we are going to go over what static analysis is. We will be using IDA Pro. – https://twitter.com/ro0ted/
Note: I recommend buying the paid version of IDA Pro as it can open many more file formats, among other reasons…
What's the difference between OllyDbg & IDA Pro?
OllyDbg is a debugger, which means it runs the .exe.
IDA Pro is a disassembler, which does not execute the .exe. This is static analysis, which in terms of safety is the best bet, especially when you have a suspicious file.
The many file formats:
The blurred-out icons aren't included in the free version. If you want all formats, pay for the paid version.
We select the Windows Tab and select PE executable:
The first thing we notice is UPX on the left side, which tells us this .exe is packed with UPX:
Let’s load the .exe in exeinfoPE:
It’s indeed packed with UPX
Let’s unpack it.
So we download UPX.
Open up cmd, navigate to the location and type upx:
Put the target .exe in the same directory as upx:
Now reload it in IDA Pro:
It’s not packed anymore :]
This is just a brief introduction to IDA Pro. I don't want to overwhelm you, so in another tutorial we will go over different ways of using IDA Pro.
Introducing IDA Pro: Static Analyzing