Recon 2006 - Alexander Sotirov - Reverse Engineering Microsoft Binaries (2006)


One of the applications of reverse engineering in computer security is the analysis of operating systems and software for which no source code is available. Most commonly the target is Microsoft Windows, and the goal is to find new 0-day vulnerabilities or to understand the full impact of old bugs. Reverse engineering Microsoft software presents numerous challenges. Based on his experience with reversing all Microsoft patches from the last 6 months, the speaker will present a number of techniques for improving the accuracy of the disassembly output and automating the reverse engineering process. He will begin with an overview of the differences between analyzing Microsoft binaries and other forms of reverse engineering, such as disassembling malware. He will cover common MSVC compiler optimizations, function chunking, C++ vtables, COM objects, exception handling and more. In the second part of the presentation he will focus on the problems with loading symbols and improving the results of the IDA Pro autoanalysis. Finally, he will release the source code of an IDA plugin that improves symbol loading and fixes common disassembly problems. Most of the information presented is applicable to non-Microsoft applications as well, but the examples he provides focus on his experience with reversing Microsoft patches.

Bio
Alexander Sotirov has been involved in computer security since 1998, when he became one of the editors of Phreedom Magazine, a Bulgarian underground technical publication. For the past eight years he has been working on reverse engineering, exploit code development and research in automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache/mod_ssl, ProFTPd and Windows ASN.1. He graduated with a Master's degree in computer science in 2005. His current job is as a chief reverse engineer on the security research team at Determina Inc, a HIPS startup in Redwood City, CA.
http://www.determina.com/security.research/

This item is part of the collection: Open Source Movies

Producer: Recon 2006
Production Company: Recon Conference
Audio/Visual: sound, color
Language: English
Keywords: Recon; Reverse Engineering; Conference; Montreal; Security
Contact Information: http://recon.cx


Downloaded 630 times
