Thursday, 4 July 2013

Introduction to Ollydbg

To start with malware analysis you need to know about debugging. Ollydbg is the most popular  user mode debugger among Malware analysts and reverse engineers. I will explain debugging types user mode and kernel mode debugging later. First you should get familiar with Ollydbg. You will be using it a lot during malware reverse engineering. There is one more popular debugger named immunity debugger with support for python scripting. Immunity is very similar to ollydbg in usage. But ollydbg is more popular because its old and have long list of plugins. This tutorial will also be applicable to immunity debugger. But i would recommend that for now you should start with ollydbg you can switch to immunity later if you want when you get comfortable with ollydbg.
So not wasting more time here is brief introduction to Ollydbg.

As the name itself suggests OllyDbg is debugger and disassembler for Microsoft Windows PE(Portable Executable) files (32-bit) . According to the author , Oleh Yuschuk, OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. The current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors.