ARTeam: Unpacking 4 Simple Packers with IDA Videotut by TiGa


Shub-nigurrath
01-23-2009, 05:31 PM
Hi all,
this is a quite complex/long video tutorial (12Mb). In my opinion it is a must, to really learn how to use the debugger functionality that IDA offers. Its interface is quite different, compared to OllyDbg, and somehow less intuitive IMHO, but not less powerful (for some aspects IDA Debugger is absolutely the best in class). It's just the matter of getting used to it, surely!

In this video tutorial TiGa explains how to unpack a program, packed with four different simple packers (UPX, ASPack, FSG, Escargot), all the times using IDA Interactive Disassembler Pro. The package includes all the required things to replicate the experience: scripts, programs either packed or unpacked.

I think you'll enjoy it and possibly will learn how to use IDA even on its debugger side.

Unpacking 4 Simple Packers with IDA Videotut by TiGa

Take it here:
http://xchg.info/ARTeam/Tutorials/index.php?dir=ARTeam_Tutorials/&file=Unpacking_4_Simple_Packers_with_IDA_Videotut_by_TiGa.rar


BR,
Shub

naides
01-25-2009, 09:05 AM
Thanks Shub for the announcement and TiGa for the tut. Small detail: My Antivirus (AVG) claims that several of the files (the ones containing the sample programs packed or unpacked) are infected with a Trojan. False positive?

Shub-nigurrath
01-25-2009, 11:57 AM
Absolutely yes, the problem is that simple free packers like those used for examples are often used for malware as well. Signatures have then drifted to detecting any application packed like that as malware. For the unpacked ones, it might be that some portion of the signatures detected was left in the dumps. Anyway, it's 100% ARTeam quality :-D

evaluator
01-26-2009, 03:58 AM
naides! it's unbelievable from you, talking about false positives..

anonim
02-12-2009, 06:40 PM
a real great and pushing forward tut,
ID ho.
best regards,
anonim.

edit:
oh man, that's really what has been looked for, that's really something else,
i wish u blessings and happiness,
for Tiga, if you'll see this post ever,
bingo,
u just saved my life... (well, those smilies are especially ugly but then again, if u understand IDA, u'll probably get their point too.. ).

2nd edit,:
oh, man, that's just such a professional debugger, if it wasn't for that tutorial, i wouldn't have got a hinch of it in a ...
long time!!
i owe u so much,
best regards!

look..:
it just goes on and on!!!,
and...,
it's nice...
and,
it's just the beginning of it,..!!!
yooooooo..!!
we'll see what comes next...

at the end,
just a brilliant tutorial!!!
c ya all..!
bye..