@simpleman8556

Thank you man :-) Really happy that I found your channel :-)

@jackz4665

Wow man you explain things so easily, you kinda spend some time talking about something you are focusing which is not really relevant, like but this is the best way to explain something, you could've turned this video into 45 minutes instead of 1:30 but without your deep explanations on how you think about things would've been really hard to grasp, thank you

@breadbaconcheese

just wanna say thanks a lot for this vid. i really learnt a lot from your practical tips.
the ida/debugger dll base address offsetting, explanations on breakpoint at ordinal vs dll entry point, etc. legit droppin gold nugs!

@simpleman8556

Your unpacking technique is saving me a lot of time everyday :)

@andylockhart257

Truly epic tutorial! Kudos, guys. This is THE best IDA/Malware tutorial I have seen on the net. You guys surpass all!

btw, did you know that if you place your cursor somewhere and press F4 it will run until that point. This works in most other debuggers and removes the need to manually set and remove breakpoints :)

Also in the last exercise you guys are reversing a DLL. If you simply use View->Open subviews->Functions you should be able to see 'DllEntryPoint' therefore need not calculate DLL rebasing. Good practice though :)

Stellar guys....just awesome :) More tutorials! pls I have learnt so much.

@QQ-xx7mo

Thank you so much for everything, I'm learning a lot from your videos.

@rayray1999100

I really appreciate this man! <3

@StefanRothenbuehler

Great tutorial. I have a similar setup for remote debugging. Is there a particular reason why you don't just leave the path for the remote program to debug as it is? They lay in the same folder on the same shared folder (same drive letter mapped Z:) on both VMs. This is how I do it. I just thought there might be a reason other than to explain the concept why you don't just leave the path as it is. Keep up your great work! Really enjoy it.

@binaryteam5448

Awesome videooo loveeee it can't wait till you get into kernel so detailed I'm going to be watching your videos all day😊😊

@lanr3356

I loved the tutorial. thank you very much for your time and effort to bring it to us.

@nikhilt3755

18:45
are you referring to stack buffer overflow? where we can use pop pop ... return in order to execute shellcode

@ReubenSammut

First of all great tutorial. Just getting into Malware analysis (currently reading Practical Malware Analysis) and your tutorials are some of the best I've seen so far.

Just a question regarding setting breakpoints after taking memory snapshots (I'm not sure it really makes sense). If ASLR is turned off, shouldn't the base of the exe + stack, heap and libraries be mapped to the same locations in memory, hence allowing you to keep the breakpoints from one run to the other after unpacking?

@joppezorro4360

Very good tutorial. Interesting observation though. In my setup I run two virtual win10 64bit. then the API call (openKeyexW) goes to kernelbase and not advapi32. IDA says advapi32 but if you follow the execution you will see that it goes to kernelbase.

@rocketsurgeon7057

Excellent. Give us more.

@あまね-y6t

the best ida tutorial ever seen. Cool

@muffinberg7960

Awesome video. Really enjoyed watching it

@Marselmarsemars

very useful video, made a lot of bookmarks

@mozark1043

Hey, great tutorial packed with info. Recommend breaking up the sections in the future for quick access (or have quick nav buttons at the start). Any chance you could cover a "get IDA pro setup with IDA python on Windows" tutorial? The IDA python book assumes it's already installed and online resources are scarce. EDIT: Nevermind, apparently the free version doesn't support IDAPython

@lougvar

Amazing! Thanks!

@og46829

You're awesome! Thank you for your time, efforts and knowledge :)
Can you please make a video in which you make something like a long-term roadmap for beginners to learn malware analysis?