Reverse Engineering Microsoft Binaries


Presented at SyScan 2006 by

This talk seeks to remedy the remarkable lack of information about reverse engineering large commercial software for the purposes of security research. Most of the available presentations and training courses focus on disassembling malware and obfuscated code. Reversing commercial software presents a very different set of challenges.

Based on my experience with reversing most Microsoft patches from the last year, I will describe how to set up a scalable reverse engineering environment and how to recognize common features of Microsoft code. I will present a number of techniques for improving the accuracy of the disassembly output, including an open-source plugin for IDA Pro that significantly improves the loading of Microsoft debugging symbols.
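Loading Microsoft debugging symbols for a binary starts with the CodeView "RSDS" record that a PE file carries in its debug directory: it names the PDB, and its GUID and age together form the key under which the symbol server stores that PDB. The script below is an added example written for this page, not code from the talk or from the IDA plugin it mentions; it parses an RSDS record, derives the symbol-store path from it, and scans a raw byte buffer for such records. The sample record is constructed inline (the GUID, age and path are made up), so it runs offline.

```python
import struct
import uuid

# CodeView PDB 7.0 record layout: 'RSDS' | GUID (16 bytes) | age (u32 LE) | NUL-terminated path
RSDS_SIG = b"RSDS"


def parse_rsds(record: bytes) -> dict:
    """Parse a CodeView 'RSDS' record; raises ValueError on malformed input."""
    if record[:4] != RSDS_SIG:
        raise ValueError("not an RSDS record")
    if len(record) < 24:
        raise ValueError("record too short for signature, GUID and age")
    # The GUID is stored in Windows little-endian layout (Data1..Data3 LE, Data4 as-is)
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("unterminated PDB path")
    path = record[24:end].decode("utf-8", errors="replace")
    return {"guid": guid, "age": age, "pdb_path": path}


def symbol_store_path(info: dict) -> str:
    """Build the symbol-server relative path: <name>/<GUID hex upper><age hex>/<name>."""
    name = info["pdb_path"].replace("\\", "/").rsplit("/", 1)[-1]
    key = f"{info['guid'].hex.upper()}{info['age']:X}"
    return f"{name}/{key}/{name}"


def find_rsds_records(blob: bytes) -> list:
    """Scan a raw buffer for every well-formed RSDS record (useful on dumps or
    files whose debug directory is missing or damaged); malformed hits are skipped."""
    found = []
    pos = blob.find(RSDS_SIG)
    while pos != -1:
        try:
            found.append(parse_rsds(blob[pos:]))
        except ValueError:
            pass
        pos = blob.find(RSDS_SIG, pos + 4)
    return found


# Constructed sample record: GUID 01234567-89ab-cdef-0123-456789abcdef, age 2, made-up path
SAMPLE_RECORD = (
    RSDS_SIG
    + struct.pack("<IHH", 0x01234567, 0x89AB, 0xCDEF)
    + bytes.fromhex("0123456789abcdef")
    + struct.pack("<I", 2)
    + b"C:\\build\\ntdll.pdb\x00"
)


def demo() -> str:
    """Return the symbol-store path for the constructed sample record."""
    return symbol_store_path(parse_rsds(SAMPLE_RECORD))


if __name__ == "__main__":
    print(demo())
    print(len(find_rsds_records(b"junk" + SAMPLE_RECORD + b"more" + RSDS_SIG + b"\x00")))
```

The scan deliberately tolerates truncated or unterminated hits, because a stripped or partially overwritten binary often still contains a stale RSDS record; comparing the GUID and age against the PDB actually loaded is the quick check that the symbols match the build being analysed.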