SDK to use in a malware detection framework


I am a university researcher, working on botnet detection.

The best tool for debugging and disassembling is IDA Pro; has anyone got its SDK? ExeInfo is a good tool for reversing, to find the packing/unpacking of malware on an OS; has anyone got its SDK, or any similar powerful app you guys would suggest?

Just to clarify... you want to detect the malware after it has done the nasty to your target machine. Did I get that right?

What you seem to need is some kind of honeypot software so you can safely acquire malware samples as they try to infect you. You need something which is pretty much ironclad, which you can upload malware samples to another computer with, and which you can roll back when it is infected. Once your computer is infected you cannot trust it again unless you have something which is capable of rolling it back. Plugging into the internet directly will infect you good in like 5 min.

Most routers have a firewall built in, and many businesses have stand-alone firewalls to protect users from these types of shenanigans. It basically doesn't allow inbound traffic which wasn't initiated by the computers on your network. You can call out; people can't call in unless they have an invitation.

If you get your computer infected without special software to roll stuff back, then you will never be able to trust that computer again. Hackers change DLLs, EXEs, etc., basically the foundation of the OS. There are so many places to hide things in Windows' gray matter that it just isn't funny. For instance, have you ever heard of alternate data streams? That's the one reason you don't put NTFS on your flash drives.

A few years ago I bought the Malware Analyst's Cookbook, and a lot of it went over my head. If you go that route you will need some supplemental material, or perhaps a better-written book. Good luck reversing!
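The reply above mentions alternate data streams as one of the places on NTFS where things can be hidden. The following script is an added example, not code from the original poster or replier, showing how an analyst can enumerate every file under a directory and report any named stream beyond the default `:$DATA` stream and the browser-written `Zone.Identifier` marker, so unexpected streams can be reviewed. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the `$Root` path and the `$expected` list are assumptions chosen for this example.

```powershell
# Added example (not from the original thread): list NTFS alternate data streams
# under a directory so that unexpected streams can be reviewed by an analyst.
# Assumes Windows PowerShell 3.0+ and an NTFS volume; $Root is a placeholder path.
param(
    [string]$Root = "C:\Users\Public"   # assumption: directory tree to scan
)

# Streams that are normally present on ordinary files: the unnamed default
# data stream and the Zone.Identifier stream added to downloaded files.
$expected = @(':$DATA', 'Zone.Identifier')

Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # -Stream * returns one object per stream on the file, default stream included.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $expected -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $file.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    } |
    Sort-Object Path |
    Format-Table -AutoSize
```

Run it from an elevated prompt with `.\Find-AlternateStreams.ps1 -Root D:\evidence` (script name assumed) against a mounted image or a quarantined machine's volume; each row names a file, the extra stream on it, and the stream's size, which is enough to decide whether the content merits extraction with `Get-Content -Stream <name>` for closer inspection.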

