Jump to content
Tuts 4 You

[unpackme] Dump'n'RebuildMe


steve10120

Recommended Posts

Thanks. And,

Difficulty: ?

Only experimenting like I said, just wondering whether its worth totally re-basing the image if relocs are present.

Link to comment
Share on other sites

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Link to comment
Share on other sites

Difficulty: ? <-- No not really.So you know I can just give you my opinion.

-no IAT redirection

-no AntiDump / dump protection feature

-no manipulation detection / CRC / PE

You should also insert more [self] and debug checks.

So keep going maybe you next one will be harder.

greetz

Link to comment
Share on other sites

NullPointerException

also you should pack bigger file if you are developing your own protector so we can fully test it.

As for protection you should do what lcf said, plus:

1) try to hide the jmp to oep

2) add some primitive obfuscation (by using jumps)

3) dont make the code too linear: use calls inside calls to hide what your packer does. It's stupid but effective

regarding antidebugs try to develop your own way to detect debuggers: altough they are more or less all known, try to make some little tricks (plugin detection, hook of patches made by plugins detection etc)

last week i found a paper from blackhat explaining malware protection but i cant find it anymore. was nice for some inspiration :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...