Recon 2011

Bruce Dang
Rolf Rolles
Tavis Ormandy
Day Friday - 2011-07-08
Room Grand Salon
Start time 14:00
Duration 01:00
ID 104
Event type Lecture
Track Main

Decompiling kernel drivers and IDA plugins

In the practice of reverse engineering, full program decompilation is often seen as an extreme measure. While it is a time consuming process, we believe that it can be instructive and conducive to improving one's analytical skills.

For this talk, we will first describe the steps conceptually involved in manual decompilation, and then demonstrate our techniques and experience in manually decompiling user- and kernel-mode code. While at it, we will also discuss relevant IDA tips and tricks and ways to improve Hex-Rays' automatic decompilation output.

The targets we decompiled include both malware and standard operating system drivers.