Jump to content
Tuts 4 You

Unpacking with Windbg...


Teddy Rogers

Recommended Posts

Unpacking with Windbg

A few weeks ago a friend sent me some packed malware that he was having trouble with. The malware had a number of anti-debugging techniques employed that made it difficult to unpack and my friend was in a desperate rush to create solid host-based indicators for the malware. After spending about 30 minutes trying to find all the anti-debugging techniques, I decided to try opening it in WinDbg, because most of the anti-debugging techniques were specifically targeting OllyDbg. OllyDbg is the most popular debugger for unpacking and in our book we devote an entire chapter to unpacking using OllyDbg. However, in cases like this you can use WinDbg to unpack malware and all the same strategies apply.


/>http://practicalmalwareanalysis.com/2012/02/27/unpacking-with-windbg/

Ted.

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...