Reverse Engineering Win32 Trojans on Linux

slackrootcyc writes "A post (and previous article) give a detailed examination of the reversing process, using a trojan found in the wild. Later on in the story it discusses some techniques for reversing Windows-native code entirely under Linux."
This discussion has been archived. No new comments can be posted.

  • by g4dget ( 579145 ) on Saturday November 16, 2002 @06:13PM (#4687400)
    But, referring to doing this on native Windows code is not a good idea at all. Remember the EULA, simply having the Windows code on your disk constitutes acceptance of the EULA and reverse engineering by assembly dumps is explicitly defined as a violation of the EULA. In other words you are setting yourself in a position for major legal problems.

    Don't believe everything you read. Just because Bill Gates writes into the EULA that you'll work as his towel boy if you open the box doesn't mean you are actually legally obligated to.

    The only legitimate way to reverse engineer software is the method used by the Samba team. You must look at the input and look at the output and then determine your OWN method of achieving the same result.

    Sorry, but you don't know what you are talking about. That is not "the only legitimate way".

    Thus ANYTHING that you produce afterwards that even vaguely resembles the operation of the original software will place you in a losing position, legally


    Oh, please, stop the hysteria. These things need to be judged on a case-by-case basis. I frankly doubt that reverse engineering a trojan/virus will get you into hot water with Microsoft's EULA.

  • by jericho4.0 ( 565125 ) on Saturday November 16, 2002 @06:41PM (#4687525)
    RE is the process of looking at how software or hardware works, and trying to replicate it, without looking at the source code, i.e., trying to build a car by looking at a car, rather than blueprints.
  • by Anonymous Coward on Sunday November 17, 2002 @07:39AM (#4689930)
    "virii" is perfectly acceptable hacker speak [tuxedo.org]
