how to learn advanced unpacking ?

[AntonChigurh]

hi

 

i am noob and want learning advanced unpacking like deobfuscation and devirtualize VM'd code and ....

 

i have some experience with simple packer and read lena toturial about unpacking .

 

so  where can i strat to learn these topics ?

 

cheers

 

 

[GIV]

You can try to start from here:

 

https://gdtr.wordpress.com/2012/10/03/decv-a-decompiler-for-code-virtualizer-by-oreans/

[chickenbutt]

Most people will tell you after you finish Lena tutorial level stuff to basically go learn tricks in old versions of ASProtect and Yoda and Arma.

 

The Lena tutorials actually don't teach you most of the PE alignment and dissembler tricks or multi-threaded RE, which are all vital. I'd actually suggest learning how UPX works from assembly. If you can't do that how would you defeat VM handlers and the crypto and tricks that protect them? I'm not talking about putting a breakpoint and letting the packer map either..

 

Another thing nobody ever says is it takes years of constant study to be able to MUP TheMida without guidance. Oreans stuff isn't even hard compared to some dongle and AAA game stuff.. There are popular protectors that have never been posted here that make everything here seem easy.. Starforce Crypto, Tages, Ubisoft DRM, SecuRom, driver and userland protection on malwares like Rustock.C driver VM and APT binaries with uncommon compiler switches etc..

 

My Best Points:

• Don't waste years working with OllyDbg or PE-exclusive stuff. Just start with IDA Pro and it's scripting and debuggers
  
• A few of the top unpackers here can't keygen. Pick your disiplin or you'll probably burn out or never be great at one or another
  

[Zasz]

I haven't done any devirtualization yet (really looking forward to it!), but you should try some obfuscated packers to get the hang of it, if you want to learn deobfuscation. If I remember correctly, pElock and PC-Guard are obfuscated. You can find UnPackMes of them in the Download section of the site. You shouldn't have a problem deobfuscating them if you did Lena's last tutorial.