A forum for reverse engineering, OS internals and malware analysis 

 #13440  by thisisu
 Sat May 26, 2012 6:32 pm
Hi guys,

As the topic states: How did you begin learning how to "patch" malware?
I am particularly interested in learning how to make any malware dropper that has some type of "Anti VM" / "VMDetect" code, friendly for VM.
I would love to be able to help out on this site and others by providing a more detailed analysis of what is going on in the malware droppers.
I have 0 programming experience but I think if I am pointed in the right direction, and really start getting the hang of things, I could do some good :)
What do you guys recommend? And as the topic states, how did YOU learn? Do I need a strong math background? Do I have to learn a programming language first and foremost? If so, which books/articles/tutorials would you recommend for that? I will read, but everything that I have read thus far (even stuff that is intended for newbies), I feel is way over my head and I just can't seem to get a grasp of things... :(

Any help is appreciated
 #13441  by xdeadcode
 Sat May 26, 2012 7:19 pm
Hi thisisu,

Well without any programming knowledge (C and asm especially) it will be hard to start - this is my point of view on this.

1. Regarding anti-debugging techniques, I think this article can help you: https://docs.google.com/viewer?url=http ... .pdf&pli=1

2. I think you can also take a look here http://tuts4you.com/download.php?list.66 or here http://tuts4you.com/download.php?list.20

As I said before - the first thing I would do would be learning a programming language.
You should also try to debug some apps (and r0 modules) - windbg is such a great tool for doing this.

Best regards,