http://www.youtube.com/watch?v=wC51TQvsNWU

How is he going through Olly so fast? He's obviously not reading everything, what is he looking at?

Howdy,

Reversinglabs is a pro outfit.
All they do is rip shit apart, be it malwares/virii,
or plain old programs. Analyze enough of that crap
and I am sure you can get rather proficient
at recognizing patterns.

Or, the person doing the tut has ripped that mal
apart numerous times and knows where to look.

Woodmann

I see, well if they are just going by patterns, I take it they are looking at the assembly window, right? I have Practical Malware Analysis pre-ordered so I'm sure I'll learn a thing or two about assembly and debugging. I won't be flying through Olly like that anytime soon though

that video may be edited to make it look fast too

all that guy is doing is jumping out of loops and skipping old known patterns

suppose you have a sequence like this

block start
some crap
jmp within block
some more crap
jmp on condition within block
some more crap
jmp out of block on condition
some more bs
jmp to start of block
more fizz
jmp within block
end of block

there is only one exit out of this seemingly obscure block and once you step through assembly a few times you can recognize exits very fast
all you need to do is set a break on exit and run the proggie (there are pitfalls in what i simplistically state but 99% of the time you can safely exit from blocks
if you understand patterns)

the other thing is he know what decompression routines etc look like (see the apcode comment in the video)
so he simply skips them by breaking and stepping on exits

take an upx packed executable and practice single stepping the unpacking code

the signature for most pros out there is they see a pushad
then look for a popad jmp dest sequence set a bp on jmp dest and f8 once to reach entry point proggie unpacked

it might look like flying through the code but it is simply skipping whats boring routine which they know wont affect their analysis

Yeah, I was going to comment that that vid might be a good example to study for clues to "Zen" reversing. The boring blocks as blabberer mentions, that don't need to be examined too closely seem to be nicely highlighted, while important parts are commented. Key in on the instruction types where the stops are made.

I've never had the patience to follow video tuts, I guess they do go too fast to get much from unless you takes lots of time studying them. I haven't looked into this, but I'm wondering if there's a way to download Youtubes and play them back at a slower rate? i.e. is there a 'Roni Amazing SlowDowner' for Adobe Flash Player? A quick search hints that FLV Player, VLC or Flash Bookmarklets might do something like that. Seems like that would be something useful to be able to follow these manic video tuts...

i dont watch you tube it is a headache when looking at streaming crap on unstable slow connections

i use firefox addon http://www.flashvideodownloader.org/

simply choose the smallest download (there are 100s of sd / hd / low / high / bold / sexy / kinky / versions of the same flv in you tube ) download it and view it on old windows media player where i can view it on my terms and my speed on my time and if i need to rewatch it i dont have to put up crazy / slow / buffering crap

simply rewind and restart or drag front and back

lol the vids screen are so small I don't think I wanna watched a second you might need a magnifying glass