Manual Unpacking Of Upx Packed Executable Using Ollydbg and Importrec
Journal Title: IOSR Journals (IOSR Journal of Computer Engineering) - Year 2014, Vol 16, Issue 1
Abstract
A 'packer' is a compression routine that compresses an executable file. Packers are used on executables for two main reasons: to shrink programs or to thwart detection or analysis. When malware has been packed, an analyst typically has access to only the packed file, and cannot examine the original unpacked program or the program that packed the malware. In order to unpack an executable, we must undo the work performed by the packer, which requires that we understand how a packer operates. All packers take an executable file as input and produce an executable file as output. The packed executable is compressed, encrypted, or otherwise transformed, making it harder to recognize and reverse-engineer. Unpacked executables are loaded by the OS. With packed programs, the unpacking stub is loaded by the OS, and then the unpacking stub loads the original program. The code entry point for the executable points to the unpacking stub rather than the original code. The original program is generally stored in one or more extra sections of the file.
Authors and Affiliations
Asha Devi
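The layout the abstract describes (entry point inside the unpacking stub, original program held in extra sections) can be read straight from the PE headers before any debugging starts. The following is an added example, not code from the paper: the three checks are triage heuristics rather than proof of packing, the `UPX0`/`UPX1` names are UPX's defaults, and both sample images are constructed header-only byte strings.

```python
import struct

EXEC = 0x20000000  # IMAGE_SCN_MEM_EXECUTE

def parse_headers(pe: bytes):
    """Return (entry point RVA, section list) read from PE headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsec, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    entry, = struct.unpack_from("<I", pe, coff + 20 + 16)
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + 40 * i
        name, vsize, va, rawsize = struct.unpack_from("<8sIII", pe, off)
        flags, = struct.unpack_from("<I", pe, off + 36)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, rawsize, flags))
    return entry, sections

def packer_indicators(pe: bytes):
    """Heuristic signs that the entry point leads to an unpacking stub."""
    entry, sections = parse_headers(pe)
    hits = []
    for idx, (name, va, vsize, rawsize, flags) in enumerate(sections):
        if name.startswith("UPX"):
            hits.append(f"{name}: UPX default section name")
        if rawsize == 0 and vsize > 0 and flags & EXEC:
            hits.append(f"{name}: executable but empty on disk")
        if idx > 0 and va <= entry < va + vsize:
            hits.append(f"{name}: entry point outside first section")
    return hits

def build_sample(sections, entry):
    """Constructed header-only image (no code bytes) for this demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0x400, 0, 0, 0, 0, fl)
                     for n, va, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

PACKED = build_sample([(b"UPX0", 0x1000, 0x8000, 0, 0xE0000080),
                       (b"UPX1", 0x9000, 0x4000, 0x3200, 0xE0000040),
                       (b".rsrc", 0xD000, 0x1000, 0x400, 0xC0000040)], entry=0xC100)
PLAIN = build_sample([(b".text", 0x1000, 0x3000, 0x2E00, 0x60000020),
                      (b".data", 0x4000, 0x1000, 0x200, 0xC0000040)], entry=0x1500)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("plain", PLAIN)):
        print(label, packer_indicators(image))
```

Section names are trivially renamed, so the empty-on-disk executable section and the entry point location carry more weight than the name match.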