Understanding the essentials of dealing with packed and encrypted malware is paramount when dealing with real-world malware. In tandem, you should also be able to follow malware activity as it moves to and fro between user mode and kernel mode, or tries nifty tricks to be as stealthy or destructive as it can be. In this chapter, you will learn the following:
The process of unpacking packed binaries
Kernel mode debugging with IDA Pro, VirtualKD, and VMware
Windows internals concepts