Results 1 to 4 of 4

Thread: How can I learn to make an auto unpacking script for programs I have unpacked

  1. #1
    PimpDawg
    Guest

    Any documentation on auto unpacking programs and packers?

    Is there any documentation on memory mapping to unpack programs and making packers? Specifically, what would I have to look into for this? Memory mapping?
    Last edited by PimpDawg; June 24th, 2010 at 17:50.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, as with any programming project, enumerate the tasks that you want to accomplish, and then break those down into chunks. Then, use google for each chunk, and you should be moving along.

  3. #3
    There are various approaches on how to automate the task of unpacking. We got ODbgScript for example, allowing fast assembly-like scripting.

    Then, there are frameworks usable with various programming and scripting languages. You can either let your unpacker act as a debugger or inject some code into the target that hooks into some points useful for unpacking it...

    Tons of methods, all depending on your personal liking and/or programming/scripting experience.

  4. #4
    arebc
    Guest
    Quote Originally Posted by PimpDawg View Post
    Is there any documentation on memory mapping to unpack programs and making packers? Specifically, what would I have to look into for this? Memory mapping?
    I don't know if this will help but one possible solution would be to use ollydbg (on a packed file) as an API logger. You could log all the API calls, press play on a packed file, inspect the arguments around VirtualAlloc and other "memory mapping" APIs, then set BPs on interesting APIs, restart and then inspect the code to get a better understanding of the packer. To use Ollydbg as an api logger right click > search for > All Intermodular Calls > right click on the calls > Set Log Breakpoint on every command > Select option to Log Value of expression on Condition
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. PHPScriptExec & CloneDll script & TASM exports generator script
    By roxaz in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: July 18th, 2008, 17:36
  2. What do I have to learn
    By ShizoFraen in forum The Newbie Forum
    Replies: 18
    Last Post: September 17th, 2005, 11:38
  3. IDA auto function arguments
    By taylorjonl in forum Tools of Our Trade (TOT) Messageboard
    Replies: 5
    Last Post: May 3rd, 2005, 08:02
  4. auto.search.msn.com/response.asp
    By mike in forum Mini Project Area
    Replies: 11
    Last Post: July 6th, 2004, 14:09
  5. IDA auto param recognition on OLDER versions with VALUES!!
    By Aimless in forum Tools of Our Trade (TOT) Messageboard
    Replies: 9
    Last Post: November 17th, 2001, 08:13

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •