Recon - PREVIEW
Recon 2011

| Speakers |
|---|
| Bruce Dang |
| Rolf Rolles |
| Tavis Ormandy |


| Schedule | |
|---|---|
| Day | Friday - 2011-07-08 |
| Room | Grand Salon |
| Start time | 14:00 |
| Duration | 01:00 |

| Info | |
|---|---|
| ID | 104 |
| Event type | Lecture |
| Track | Main |

Decompiling kernel drivers and IDA plugins
In the practice of reverse engineering, full program decompilation is often seen as an extreme measure. While it is a time-consuming process, we believe that it can be instructive and conducive to improving one's analytical skills.
For this talk, we will first describe the steps conceptually involved in manual decompilation, and then demonstrate our techniques and experience in manually decompiling user- and kernel-mode code. While at it, we will also discuss relevant IDA tips and tricks and ways to improve Hex-Rays' automatic decompilation output.
The targets we decompiled include both malware and standard operating system drivers.