MIST for static
wangjingan opened this issue · comments
Hi there, is there any possible way to create MIST for static representation?
Do you mean by statically decompiling the binary and tracing the API calls ?
On 3 Mar 2014, at 06:05, Haryanto notifications@github.com wrote:
Hi there, is there any possible way to create MIST for static representation?
Exactly, perhaps take the MIST source code out and customize its insides.
You could, but there are three issues:
- you will probably only manage to get to level 1 instructions (backtracking register values passed to function calls is going to be a nightmare)
- you will get "decompiled noise" from packed/encrypted binaries unless you have a magical universal static unpacker (except for the simple ones like UPX etc.)
- you will have no information to know the running processes (okay, you can discard them)
If you want to use a python-based decompiler I suggest using Capstone.
Let me know.
Cheers.
On 3 March 2014 08:58, Haryanto notifications@github.com wrote:
Exactly, perhaps take the MIST source code out and customize its insides.
Dr. Paolo Di Prodi
Static analysis of malware is an involved topic. An interesting read with respect to clustering is the following paper: http://dl.acm.org/citation.cfm?doid=2523649.2523677
However, Malheur and MIST are not designed to support static analysis, so I am closing this issue.