Extract Sequence of assembly codes during runtime ???
mansourweb
December 2nd, 2010, 16:13
Dear Friends,
Does anybody know how I can run a malware sample and log its assembly instructions with IDA or any disassembler??
For example, when I run an exe file, the log is: mov inc sub jnz .....
Is there any way??
Thank you.
Maximus
December 2nd, 2010, 20:12
????????
Olly Trace.
Aimless
December 2nd, 2010, 21:35
(NOTE: Run the Malware in a VM. Not in your production)
1. Load malware in IDA.
2. Get coffee while it disassembles
3. Find the start (or select BREAK AT START from the debugger options). Or place the cursor where you think the start is and press F4.
4. Run the Debugger. It will break at start.
5. Select Debugger -> Trace. Make sure you are tracing to a file. Keep the number of instructions to trace as 0. This will trace EVERYTHING (you can trace jumps, functions, stack, all code, etc... select your poison). Tracing OVER API calls is a good idea.
6. Run the app. It's a bit slow, so patience.
7. Exit the app.
8. Open the HUGE XXXX MB text file. There you have it... the trace of all instructions PLUS all changed registers AND values for each instruction.
Have Phun
mansourweb
December 3rd, 2010, 08:19
That works nicely, really, thank you.
Is there any way to automate this process???
For example, I give it a folder of malware samples and IDA does this automatically and saves the instructions of the trace to a file???
Really, thank you.

Aimless
December 3rd, 2010, 11:46
Heh!
PM me, send me a zipped copy of your legal IDA PRO 6 and I'll tell you how to automate the process.
Jokes apart, you can use command line parameters in IDA to do the same, or use IDC scripts (remember, since v5, IDC scripts work on debuggers ALSO), and finally, you can also build a plugin.
Use IDC scripts. It's nice.
Have Phun
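Following Aimless's pointer to IDC scripts, here is an added example (not code posted by anyone in this thread) of the manual steps above automated: an IDC script that breaks at the entry point, single-steps the sample inside the analysis VM, writes the address and disassembly of every instruction in the main module to a file, and runs straight through DLL calls the way "trace over" does. The C:\trace\ output folder, the 2,000,000-step cap and the pre-7.0 IDC function names are assumptions.

```idc
// trace_to_file.idc: log every instruction the sample executes, one per line.
// Assumptions: IDA 6.x IDC debugger API (pre-7.0 names), the local Win32
// debugger, a disposable analysis VM, and an existing C:\trace\ folder.
#include <idc.idc>

// 1 if ea lies inside the analysed executable's image, 0 if in a loaded DLL.
static in_main_module(ea)
{
    auto base;
    for (base = GetFirstModule(); base != BADADDR; base = GetNextModule(base))
    {
        // the main module is the one whose path contains the input file name
        if (strstr(tolower(GetModuleName(base)), tolower(GetInputFile())) != -1)
            return (ea >= base && ea < base + GetModuleSize(base));
    }
    return 0;
}

static main()
{
    auto fh, out, ev, ea, n;

    Batch(1);                                // no dialogs in autonomous (-A) runs
    out = "C:\\trace\\" + GetInputFile() + ".trace.txt";
    fh = fopen(out, "w");
    if (fh == 0) { Message("cannot open %s\n", out); Exit(1); }

    AddBpt(BeginEA());                       // same as "break at start" in the GUI
    StartDebugger("", "", "");               // empty strings: run the database's input file
    ev = GetDebuggerEvent(WFNE_SUSP, -1);    // block until the entry breakpoint hits

    // 2,000,000 is a constructed safety cap so a looping sample cannot run forever
    for (n = 0; ev != PROCESS_EXIT && n < 2000000; ev = GetDebuggerEvent(WFNE_SUSP, -1))
    {
        ea = GetEventEa();
        if (in_main_module(ea))
        {
            fprintf(fh, "%08X  %s\n", ea, GetDisasm(ea));   // address + disassembly
            n++;
            StepInto();
        }
        else
            StepUntilRet();                  // inside a DLL: "trace over" the API call
    }
    fclose(fh);
    StopDebugger();
    Exit(0);                                 // quit IDA so a folder loop can continue
}
```

Run it once per sample from a folder loop with `idaq -A -S"trace_to_file.idc" sample.exe`. Callbacks from a DLL back into the sample are not logged, because StepUntilRet runs through them.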
mansourweb
February 18th, 2011, 16:43
Thank you very much, I'll check it.
