Today I'd like to share an interesting PDF I found while browsing some of my favorite feeds. The PDF is titled "Deep dive into OS internals with WinDB". You might think this is going to be yet another document explaining Windows malware analysis, but it is not the "always the same document". What I liked about it is the easy way it presents information: a small document with a lot of content. You could read it as a cheat sheet or as a little manual as well.
There is more than one reason to reverse malware these days. As time passes, awareness of reverse engineering is spreading. However, there are a few obstacles for a person new to the field of reversing viruses. Unlike other domains of security, where you can make your way through by relying on some security tools, this field demands a strong understanding of operating system internals and assembly language programming.
The author covers many of the most important topics in the field of reverse engineering by giving the essential flavor of each: basic concepts of reversing, a very brief summary of PE anatomy, DDI and import tables, the export table (those sections are very intensive), and so on. I personally suggest this reading to everybody who aims to know more about reverse engineering but does not have much time to read whole manuals, and to everybody working on hard security topics who is not an everyday practitioner. And obviously to "security students", who should be avid readers of such things. :)