Teddy Rogers
Posted February 29, 2012

Unpacking with WinDbg

A few weeks ago a friend sent me some packed malware that he was having trouble with. The malware had a number of anti-debugging techniques employed that made it difficult to unpack, and my friend was in a desperate rush to create solid host-based indicators for the malware. After spending about 30 minutes trying to find all the anti-debugging techniques, I decided to try opening it in WinDbg, because most of the anti-debugging techniques were specifically targeting OllyDbg. OllyDbg is the most popular debugger for unpacking, and in our book we devote an entire chapter to unpacking using OllyDbg. However, in cases like this you can use WinDbg to unpack malware, and all the same strategies apply.

http://practicalmalwareanalysis.com/2012/02/27/unpacking-with-windbg/

Ted.
kao
Posted February 29, 2012

For some reason, their post doesn't contain a link to the training executables they used: http://sourceforge.net/projects/pmalabs/files/latest/download