Chapter 1 Introduction.
The following content is provided for exchange and study only; if anyone uses it to do anything illegal, that has nothing to do with me.
An overview of code debuggers
(An overview of debuggers)
Sooner or later you will want to know absolutely everything about an executable file. You may want to know, for instance:
1. The exact memory address that it is calling
2. The exact region of memory that it is writing
3. What region it's reading from
4. Which registers it's making use of
Debuggers will aid you in reverse-engineering a file for which you don't have the source code, by disassembling the file in question. This comes in handy when you're analyzing malware, as you almost never have access to the executable's original source code. The goal of this section is not to coach you in depth on how to use these debuggers, but simply to show you that they are out there and available for you to use. Debuggers are very powerful tools that take a long time to learn to use to their fullest extent.
The "cream of the crop" in debuggers, and the focus of this book, is Interactive Disassembler Pro (IDA Pro), available from DataRescue. IDA Pro should be your first choice of debugger for an enterprise environment. It isn't really expensive, and is well worth the nominal outlay for the features it offers.
Among the many debuggers available, the best is of course IDA Pro, and it is the focus of this book (IDA Pro can be obtained from DataRescue). IDA Pro should be everyone's first choice; it is not really expensive and is absolutely worth the money.
DataRescue offers a demo version from their Web site. This version can only work with a limited range of file and processor types, is time limited, runs only as a Windows GUI application, and so on.
DataRescue makes a demo version of IDA Pro available for download on its Web site. This version has many restrictions: it supports only a relatively small range of processor types and handles fewer file types, it is time limited, it runs only as a Windows GUI application, and so on.
IDA Pro is much more than a simple debugger. It is a programmable, interactive disassembler and debugger. With IDA Pro you can reverse-engineer just about any type of executable or application file in existence. IDA Pro can handle files from console machines such as Xbox, Playstation, and Nintendo, to Macintosh computer systems, to PDA platforms, Windows, UNIX, and a whole lot more. Figure 1.1 shows the initial load screen wizard when you first start IDA Pro. Notice all the file types and tabs that will help you select the proper analysis for the file type that you wish to disassemble.
IDA Pro is far more than a simple debugger: it is a programmable, highly interactive combination of disassembler and debugger. With IDA Pro you can reverse-engineer almost every executable or application file in existence. IDA Pro can handle files from console machines such as the Xbox, PlayStation and Nintendo, files from Macintosh systems, and even files from PDA platforms, Windows and UNIX, along with many more not listed here. Figure 1.1 shows the initial wizard screen that appears when IDA Pro is first started. Note all the file types and tabs; they help you choose the correct analysis for the type of file you want to analyze.
In Figure 1.2, IDA Pro has loaded and is disassembling a WootBot variant with file name instantmsgrs.exe. Part of what we can see from Figure 1.2 is that instantmsgrs.exe was packed using an executable packer called Molebox. You can also plainly see the memory calls that it's making, and the Windows DLLs that are being called. This type of information can be invaluable when it comes to fighting off a virus or malware outbreak, especially if you need to make a custom cleaner in order to repair your systems.
As shown in Figure 1.2, IDA Pro has loaded instantmsgrs.exe (a WootBot variant) and is disassembling it. From the figure we can see that instantmsgrs.exe was packed with a packer called Molebox. You can also clearly see the memory calls the program is making and the Windows DLLs that are being called. This information is very useful when you need to stop a virus or malware outbreak, and it is especially important when cleaning up the harmful program and repairing your systems.
SUMMARY
(Summary)
IDA is one of the most popular debugging tools for Windows. First, IDA Pro is a disassembler, in that it shows the assembly code of a binary (an executable or a dynamic link library [DLL]). It also comes with advanced features that try to make understanding the assembly code as easy as possible. Second, it is also a debugger, in that it allows the user to step through the binary file to determine the actual instructions being executed, and the sequence in which the execution occurs. You'll learn about all of these features throughout this book. IDA Pro is widely used for malware analysis and software vulnerability research, among other purposes. IDA Pro can be purchased from DataRescue.