SANS ISC: Debuggers and Analyzing Malicious Software - SANS Internet Storm Center SANS ISC InfoSec Forums
Debuggers and Analyzing Malicious Software

While at SANSFire this past week, I got the chance to chat with many of my colleagues. One of the things we discussed was the tools we use to analyze malicious code. Of particular interest to me is the topic of debuggers. It appears that really two tools stand out as the ones of choice.

    1) IDA Pro from DataRescue. They offer a free version which has reduced functionality. But most of those I chatted to recommend using the commercial one or #2.

    2) OllyDbg - This is the tool that most of my colleagues are using. It is shareware and seems to be easier to use for some analysts. As such I would recommend this one.

    3) Immunity Debugger - Released recently, some are trying this one out, as it seems to take the best of the command line interfaces as well as the GUI ones and combine them into one package.

So are there other debuggers that you, our readers, like to use when analyzing malicious software? Let me know which ones and your reason why. I will add them to this diary over the weekend.
ISC Handler
Aug 5th 2007