Reputation: 51
I'm using IDA Pro to reverse a trojan with a packer, and I saw that the trojan unpacks some files (two files, actually) by unpacking my trojan with WinRAR. Now I would like to see what's really going on and was trying to use IDA Pro to disassemble it, but when analyzing it with strings, I don't find the names of the files which are unpacked; that's why I presume that they are pushed to the stack. I'm wondering how to set a condition in IDA Pro which would trigger if one register contains a string, for example if %eax = string (whatever string).
Thanks for your help
Upvotes: 0
Views: 2282
Reputation: 716
You can set up conditional breakpoints from their properties window (right-click on the breakpoint address -> Edit Breakpoint). Look up the IDC command table for more info on the supported functions.
Upvotes: 1
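A breakpoint condition of the kind asked about above, written as an added IDAPython example (not code from either poster). It assumes a 32-bit x86 debug session and that the script is loaded before the breakpoint is hit; `string_at`, `eax_has_string`, `FAKE_MEM` and `fake_read` are hypothetical names, and the memory contents are constructed so the check can also be tried outside IDA.

```python
try:
    import idc                      # present only inside IDA
except ImportError:
    idc = None

PRINTABLE = set(range(0x20, 0x7F))  # visible ASCII
MIN_LEN, MAX_LEN = 4, 260           # 260 = MAX_PATH; file names are the target

def _read(read, ea, n):
    for size in (n, 64, 16):        # retry shorter reads near the end of a mapped page
        data = read(ea, size)
        if data:
            return data
    return b""

def _ascii_at(read, ea):
    buf = _read(read, ea, MAX_LEN)
    end = buf.find(b"\x00")
    s = buf if end < 0 else buf[:end]
    if len(s) >= MIN_LEN and all(c in PRINTABLE for c in s):
        return s.decode("ascii")
    return None

def _utf16_at(read, ea):
    buf = _read(read, ea, MAX_LEN * 2)
    chars = []
    for i in range(0, len(buf) - 1, 2):
        lo, hi = buf[i], buf[i + 1]
        if lo == 0 and hi == 0:     # UTF-16 terminator
            break
        if hi != 0 or lo not in PRINTABLE:
            return None
        chars.append(chr(lo))
    return "".join(chars) if len(chars) >= MIN_LEN else None

def string_at(read, ea):
    """Return the ASCII or UTF-16LE string at ea, or None if ea is not a string."""
    return _ascii_at(read, ea) or _utf16_at(read, ea)

def eax_has_string(needle=None):
    """Breakpoint condition (IDA only): EAX points to a string, optionally containing needle."""
    s = string_at(idc.read_dbg_memory, idc.get_reg_value("EAX"))
    return s is not None and (needle is None or needle.lower() in s.lower())

# Constructed sample memory for trying string_at() outside IDA.
FAKE_MEM = {0x1000: b"C:\\Temp\\drop1.exe\x00junk",
            0x2000: "payload.dll".encode("utf-16-le") + b"\x00\x00",
            0x3000: b"\x8b\xff\x55\x8b\xec\x00"}

def fake_read(ea, n):
    data = FAKE_MEM.get(ea)
    return data[:n] if data else None
```

Inside IDA, with the condition language set to Python, the breakpoint condition would be `eax_has_string()` or, to stop only on a particular name, `eax_has_string(".exe")`.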