Posted February 29, 2012

Unpacking with WinDbg

A few weeks ago a friend sent me some packed malware that he was having trouble with. The malware had a number of anti-debugging techniques employed that made it difficult to unpack, and my friend was in a desperate rush to create solid host-based indicators for the malware. After spending about 30 minutes trying to find all the anti-debugging techniques, I decided to try opening it in WinDbg, because most of the anti-debugging techniques were specifically targeting OllyDbg. OllyDbg is the most popular debugger for unpacking, and in our book we devote an entire chapter to unpacking using OllyDbg. However, in cases like this you can use WinDbg to unpack malware, and all the same strategies apply.

http://practicalmalwareanalysis.com/2012/02/27/unpacking-with-windbg/

Ted.
February 29, 2012

For some reason, their post doesn't contain a link to the training executables they used: http://sourceforge.net/projects/pmalabs/files/latest/download