Re: PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

["Piotr Bania" <bania.piotr () gmail com>]

> Hi Piotr,

Hey,

> Any information with regards to how MMMBoB performs when trying to
> unpack a bit more obfuscated/aggressive packers like Themida / VMprotect ?

As stated in section 7 (Limitations) my unpacker will not be much help when 
unpacking a virtual machine based protector like Themida / VMprotect.


> On a side note:
> I  see  often that some generic unpackers are rarely cited/referenced,
> although they are interesting and perform astonishingly well.
>
> Here are two generic unpackers I think deserve some exposure too :
>
> - RL!unpack
>  http://ap0x.jezgra.net/unpackers.html
>  (tested against 101+ packers/mods)
>
> - Quickunpack
>   http://rapidshare.com/files/104264619/qunpack21.zip


I know ap0x did some cool antidebugging tricks before :-) Anyway i see there 
are a lot of custom unpackers (on his website) for a lot of known packers - 
however i'm unable to see a one generic one (?) - well still excellent 
things. On the side note deroko (yo man) did some cool underground unpacking 
stuffs, however most of his stuffs (i belive) is still unpublic so i cannot 
refer to them much.

Regarding Quickunpack, to be honest I have never used it but i surely will 
give it a try. Thanks.

- pb



-- 
--------------------------------------------------------------------
Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

               - "The more I learn about men, the more I love dogs."




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/