My presentation at REcon 2012 Montreal

This year was my first time at REcon, most of the talks were pretty genuine, I have to mention also that Montreal is an awesome city đŸ™‚

My talk for this year was to describe how to build a tailored operating system that will be executed using an emulator (be it Bochs, qemu, VMWare, …) for the purpose of debugging malware, shellcode or any other code snippet.

An existing emulator will be leveraged (instead of building an emulator from scratch, which can be time consuming and error prone).

Later, I describe how to write a program that can construct a custom disk image containing a tailored operating system to run a specific piece of code or malware.

The following design aspects were covered:

  • disk structure: file system design and file format structure
  • booting process: page table setup, GDT/IDT setup and exception dispatching
  • the host: the role played by the host
  • host/guest interaction: communication method used to exchange information between the host and the guest
  • os environment: system structures and the memory layout of the main program and its dependencies
  • API emulation: customization of APIs using scripts (Python, …) or native code (asm or C code)
  • debugging: debugging facilities using Bochs’ built-in debugger
  • use cases: malware and shellcode debugging

The slides can be downloaded from here.

Special thanks to the organizers Hugo Fortier and David Mirza.


About 0xeb

I am a programmer and reverse engineer. I like to write software utilities, designing APIs and reverse engineering interesting stuff.
This entry was posted in IDA Pro, RE and tagged , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s