Generic Unpacking:
https://www.youtube.com/watch?v=h9RiBJ06MAQ
I know it might be too easy, but whatever works.
1) Put a HW BP on the stack access, when the stack is changed for the first time.
2) Run till it breaks.
3) Find the original entry point from a next jump (push, ret).
4) Dump the unpacked code.
Please explain.
Script would also do :-).
Generic Request = https://www.youtube.com/watch?v=KlujizeNNQM
I know it may be nothing, but I want 1 billion USD to be donated to the radare2 project
Please transfer.
Bitcoin would also do :-)
Do you want to argue that there is 1 bill.. invested in Olly?
I feel that there is a non-technical discussion involved. I don't really want to go that way.
Am I asking too much?
The way you asked is like: please do it for me 👎
If you have begun something, I will really be happy to help you 👍
On 26 Jul 2016, at 16:17, MariasStory [email protected] wrote:
> Generic Unpacking:
> https://www.youtube.com/watch?v=h9RiBJ06MAQ
> I know it might be too easy, but whatever works.
> 1) Put a HW BP on the stack access, when the stack is changed for first time.
sr SP
dmp 0
> 2) Run till it breaks.
dc
> 3) Find the original entry point from a next jump (push, ret).
e search.in=dbg.maps.exec
pd 10~jmp
> 4) Dump the unpacked code.
wt
> Please explain.
> Script would also do :-).
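Step 3 of the procedure above (finding the jump to the original entry point once the stack breakpoint has hit) can be checked mechanically on the bytes around the break address. The following is an added example, not part of the original thread and not radare2 code: it assumes 32-bit x86, and the function name, address ranges and sample bytes are constructed for illustration.

```python
import struct

def find_tail_transfers(code, base, stub_start, stub_end):
    """Return (address, kind, target) for control transfers that leave the stub.

    Heuristic byte scan for 32-bit x86 without disassembly: a match can be an
    operand of another instruction, so confirm each hit in the disassembler.
    """
    hits = []
    for off, op in enumerate(code):
        kind = target = None
        if op == 0x68 and off + 5 < len(code) and code[off + 5] == 0xC3:
            # push imm32 ; ret -> the absolute destination is the immediate
            kind = "push-ret"
            target = struct.unpack_from("<I", code, off + 1)[0]
        elif op == 0xE9 and off + 5 <= len(code):
            # jmp rel32 -> destination is relative to the next instruction
            rel = struct.unpack_from("<i", code, off + 1)[0]
            kind = "jmp"
            target = (base + off + 5 + rel) & 0xFFFFFFFF
        # Only transfers that leave the unpacking stub are OEP candidates
        if kind and not (stub_start <= target < stub_end):
            hits.append((base + off, kind, target))
    return hits

# Constructed sample, not taken from a real binary: a stub mapped at
# 0x00409000 that ends by returning into the unpacked code at 0x00401000.
STUB_BASE, STUB_END = 0x00409000, 0x0040A000
SAMPLE = bytes.fromhex(
    "90"            # nop
    "e905000000"    # jmp 0x0040900b (stays inside the stub, ignored)
    "9090909090"    # padding
    "61"            # popad
    "6800104000"    # push 0x00401000
    "c3"            # ret -> transfers to 0x00401000
)

if __name__ == "__main__":
    for addr, kind, target in find_tail_transfers(
            SAMPLE, STUB_BASE, STUB_BASE, STUB_END):
        print(f"{addr:#010x}: {kind} -> OEP candidate {target:#010x}")
```

In practice the input would be the bytes read from the debugger at the address where the breakpoint fired, with the stub range taken from the section that contains it.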
Thanks @Maijin, you seem to be an involved and knowing person.
I didn't ask to help. I can do it with olly :-)
The problem is that olly is limited to 32 bit. I just want to have a good and flexible way to do reverse engineering.
Thanks @radare, you always have detailed and technical answers.
I'll try this solution 👍
Maybe there could be a collection of general malware reverse engineering examples (scripts), so that new users can quickly get to use r2 in their daily doing?
o/
Well, there is a lot of stuff, but it's a bit everywhere, see: