Scripting Hopper Disassembler - WS2_32.dll Ordinals to Names

2012-12-26 22:52:58 by chort

Over the holiday break I set goals to learn Yara signature creation and start the lab exercises in Practical Malware Analysis. Learning Yara turned out to be extremely easy, the User's Manual (available here) is excellent. Attempting to do the labs from PMA with Hopper rather than IDA Pro turned out to be rather challenging. One major advantage of IDA Pro is F.L.I.R.T. as many experienced reversers have been quick to point out to me. The very first exercise I attempted required analyzing a call to gethostbyname, which I couldn't even find because Hopper hadn't resolved the import ordinal to a name. I decided it was an excellent opportunity to learn how to use the built-in scripting of Hopper to resolve the names myself.

Read the rest of this story...