Reverse Engineering Microsoft Binaries presented at SyScan 2006

by Alexander Sotirov

Tags: Security Malware

Summary: This talk seeks to remedy the remarkable lack of information about reverse engineering large commercial software for the purposes of security research. Most of the available presentations and training courses focus on disassembling malware and obfuscated code. Reversing commercial software presents a very different set of challenges.

Based on my experience with reversing most Microsoft patches from the last year, I will describe how to set up a scalable reverse engineering environment and how to recognize common features of Microsoft code. I will present a number of techniques for improving the accuracy of the disassembly output, including an open-source plugin for IDA Pro that significantly improves the loading of Microsoft debugging symbols.