From Collaborative RCE Knowledge Library


Windows Unpacking Articles


Item name: Anti-Anti Dump and Nonintrusive Tracers
Rating: 0.0 (0 votes)
Author: deroko
Home URL: http://www.accessroot.com/
Last updated:
Version (if appl.):
Direct D/L link: http://185.62.190.110/accessroot/arteam/site/download.php?view.10
Description: "A novel method to manage new anti-dump buffer-based protections used by latest protectors as AsProtect SKE, Armadillo etc (sources included)"
Also listed in: Windows Anti Reversing Articles, Windows Internals Articles



Item name: Using Memory Breakpoints with your Loaders
Rating: 0.0 (0 votes)
Author: Shub-Nigurrath
Home URL: http://www.accessroot.com
Last updated:
Version (if appl.):
Direct D/L link: http://www.accessroot.com/arteam/site/files/video/Using_Memory_Breakpoints_by_Shub-Nigurrath_preview.pdf
Description: "This tutorial will discuss how memory breakpoints work and how to use them for your own loaders. It's an ideal prosecution of the already published Beginner's Tutorial #8 [1], where I already covered hardware and software breakpoints quite extensively (at beginner's level of course)."
Also listed in: Windows Internals Articles, Windows Tool Articles



Item name: Win32 Portable Executable Packing Uncovered
Rating: 0.0 (0 votes)
Author: Websense
Home URL: http://securitylabs.websense.com/content/Assets/HistoryofPackingTechnology.pdf
Last updated:
Version (if appl.):
Direct D/L link: Locally archived copy
Description: This paper introduces Win32 Portable Executable (PE) packing from a technical perspective. This includes PE file manipulation, compression, obfuscation, anti-dumping, import protection, and more. The paper describes various protection techniques, and presents a brief history of packers. Note that the most advanced techniques are found in commercial protection systems, and therefore are not presented here.
This paper provides enough information to understand the inner workings of executable packers: most packers are based on what is described here. Almost all custom packers (which means real packers, not loaders) seen in malware are based on the packing theory presented in this document.

The paper aims to explain how packers work internally. The most advanced techniques were left out on purpose, because they are used in commercial protection systems. Most custom packers found in malware are usually quite simple, and rely heavily on the techniques presented here. Sometimes, malware is protected using what people tend to call a packer, when they are actually just loaders (an executable is embedded in the “packed” malware, and executed in memory without being dropped on disk). Since they are not packers per se, they were not included in this paper.
Also listed in: (Not listed in any other category)



Item name: Writing a loader for an application packed with an unknown packer:
Rating: 0.0 (0 votes)
Author: Shub-Nigurrath
Home URL: http://www.accessroot.com
Last updated: September 2005
Version (if appl.):
Direct D/L link: http://www.accessroot.com/arteam/site/download.php?view.180
Description: "The question this tutorial tries to address is how to write a loader for an application which is packed with an unknown packer, what events to trace and how to proceed in order to faster get a working loader, able to patch the target."
Also listed in: Windows Internals Articles



