A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #25022  by nul1ptr_
 Thu Jan 22, 2015 10:35 pm
Maybe this will be a somewhat silly question, but being mostly self-taught, this has always intrigued me.

When reversing I often find function calls where I'm not sure whether I should step into or over them. In those situations one misstep might lead to missing important code parts, missing anti-debugging techniques, or process termination due to some other reason. Then I would need to repeat all the debugging, often quite a tedious task.

So far my solution has been to take multiple VM snapshots at major code parts and, in case something goes wrong, quickly revert to the last snapshot. But even if this seems obvious to me, I have never read about such an approach in any tutorial or in any book.

So now I wonder if this is the right approach, because I feel I might be missing something really basic here. Do you know any better approaches? Any other suggestions?
 #25024  by Websly
 Fri Jan 23, 2015 12:21 pm
Some things I might do:

1) Quickly scan through the code and look for instructions that might be important (e.g. writes to pointer destinations, use of the FS register, suspect redirection of execution flow, suspect exception use, etc.).

2) Monitor any API calls being made.
 #25030  by EP_X0FF
 Sat Jan 24, 2015 12:12 pm
nul1ptr_ wrote: But even if this seems obvious to me I have never read about such an approach in any tutorial nor in any book.
Probably because most of these tutorials were created in the early 2000s, when VMs and VT-x hardware support were rare. I usually use the same method, with multiple generated snapshots for quick access.