Malware Analysis 102

27 Jun 2016

The first piece of learning how to analyse malware revolves around learning Assembly, the PE format and one or more high-level languages. The Assembly basics series in my blog aims to give a path through that. In that series, we go through some of the basics of Assembly language, discuss common instructions and addressing modes and calling conventions, and see how some of the higher-level language constructs translate into assembly.

The next step in building your knowledge is, obviously, learning the operating system's internals. While I was at Microsoft, I was fortunate to have attended and delivered Windows internals and debugging trainings, both internally and to Microsoft's customers. I'm hoping to share some of the things I learnt during that time and put them here so they may be a reference to others and to my future self. There was no continuity in this series, and that's because you can't learn all of Windows internals from a blog; you really have to read the book! Mark Russ and the other authors have explained so many core Windows concepts so brilliantly that it is considered almost a bible for Windows. My blog just gives you some practical hands-on work.

A third, parallel step you should take is to learn a scripting language such as Python or PowerShell. This will help you automate a lot of your research work and greatly improve your efficiency. That is a journey you will have to take alone. However, I thought of posting some Windows internals, PowerShell and code samples in my blog to help you with some of the common tasks you may encounter. I'm still learning PowerShell and Python myself, and the learning is not always sequential, so don't expect the blog posts to be ordered sequentially.

As you read through, feel free to shoot any feedback at vimalsh@live.com

Njoy!