Teddy Rogers
Posted February 29, 2012

Unpacking with WinDbg

A few weeks ago a friend sent me some packed malware that he was having trouble with. The malware had a number of anti-debugging techniques employed that made it difficult to unpack, and my friend was in a desperate rush to create solid host-based indicators for the malware. After spending about 30 minutes trying to find all the anti-debugging techniques, I decided to try opening it in WinDbg, because most of the anti-debugging techniques were specifically targeting OllyDbg. OllyDbg is the most popular debugger for unpacking, and in our book we devote an entire chapter to unpacking using OllyDbg. However, in cases like this you can use WinDbg to unpack malware, and all the same strategies apply.

http://practicalmalwareanalysis.com/2012/02/27/unpacking-with-windbg/

Ted.
kao
Posted February 29, 2012

For some reason, their post doesn't contain a link to the training executables they used: http://sourceforge.net/projects/pmalabs/files/latest/download