Thread: ARTeam: Unpacking 4 Simple Packers with IDA Videotut by TiGa

  1. #1
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430

    ARTeam: Unpacking 4 Simple Packers with IDA Videotut by TiGa

    Hi all,
    this is a quite complex/long video tutorial (12Mb). In my opinion it is a must, to really learn how to use the debugger functionality that IDA offers. Its interface is quite different compared to OllyDbg, and somehow less intuitive IMHO, but not less powerful (for some aspects IDA Debugger is absolutely the best in class). It's just a matter of getting used to it, surely!

    In this video tutorial TiGa explains how to unpack a program, packed with four different simple packers (UPX, ASPack, FSG, Escargot), all the times using IDA Interactive Disassembler Pro. The package includes all the required things to replicate the experience: scripts, programs either packed or unpacked.

    I think you'll enjoy it and possibly will learn how to use IDA even on its debugger side.

    Unpacking 4 Simple Packers with IDA Videotut by TiGa

    Take it here:
    http://xchg.info/ARTeam/Tutorials/index.php?dir=ARTeam_Tutorials/&file=Unpacking_4_Simple_Packers_with_IDA_Videotut_by_TiGa.rar


    BR,
    Shub
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Thanks Shub for the announcement and TiGa for the tut. Small detail: My Antivirus (AVG) claims that several of the files (the ones containing the sample programs, packed or unpacked) are infected with a Trojan. False positive?

  3. #3
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    Absolutely yes, the problem is that simple free packers like those used for the examples are often used for malware as well. Signatures have then drifted to detecting any application packed like that as malware. For the unpacked ones, it might be that some portion of the detected signatures was left in the dumps. Anyway, it's 100% ARTeam quality :-D
    Last edited by Shub-nigurrath; January 26th, 2009 at 07:16.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com
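
The effect described in the reply above, as an added example that is not part of the original thread and not AVG's actual logic: a static check keyed on packer artifacts flags a file without ever looking at what the packed program does. The section names are the usual UPX and ASPack defaults; the 7.0 entropy threshold, the helper names and the sample images are constructed assumptions.

```python
import math
import struct

# Default section names written by two packers named in the thread.
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX",
                   ".aspack": "ASPack", ".adata": "ASPack"}
ENTROPY_LIMIT = 7.0  # assumed threshold (bits per byte) for "looks compressed"

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def sections(pe):
    """Yield (name, raw bytes) for each entry in the PE section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    for off in range(table, table + 40 * count, 40):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        yield pe[off:off + 8].rstrip(b"\0").decode("latin-1"), pe[raw_ptr:raw_ptr + raw_size]

def triage(pe):
    """Return packer indicators; none of them look at what the code does."""
    hits = []
    for name, raw in sections(pe):
        if name in PACKER_SECTIONS:
            hits.append(f"{name}: {PACKER_SECTIONS[name]} section name")
        if len(raw) >= 256 and entropy(raw) > ENTROPY_LIMIT:
            hits.append(f"{name}: high entropy")
    return hits

def build_sample(secs):
    """Constructed test image: DOS stub, COFF header, section table, data."""
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    ptr, table, body = 0x40 + len(coff) + 40 * len(secs), b"", b""
    for name, data in secs:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIII", len(data), 0x1000, len(data), ptr + len(body)) + bytes(16)
        body += data
    return b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + coff + table + body
```

Calling `triage()` on an image built with `UPX0`/`UPX1` sections returns indicators even though the sample carries no code at all, while the same check on a plain `.text` section returns nothing.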

  4. #4
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,479
    Blog Entries
    1
    naides! it's unbelievable from you, talking about false positives..

  5. #5
    anonim
    Guest

    great post man.

    a real great and pushing forward tut,
    ID ho.
    best regards,
    anonim.

    edit:
    oh man, that's really what has been looked for, that's really something else,
    i wish u blessings and happiness,
    for Tiga, if you'll see this post ever,
    bingo,
    u just saved my life... (well, those smilies are especially ugly but then again, if u understand IDA, u'll probably get their point too.. ).

    2nd edit,:
    oh, man, that's just such a professional debugger, if it wasn't for that tutorial, i wouldn't have got a hinch of it in a ...
    long time!!
    i owe u so much,
    best regards!

    look..:
    it just goes on and on!!!,
    and...,
    it's nice...
    and,
    it's just the beginning of it,..!!!
    yooooooo..!!
    we'll see what comes next...

    at the end,
    just a brilliant tutorial!!!
    c ya all..!
    bye..
    Last edited by anonim; February 13th, 2009 at 22:18.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
