| Title |
64-bit Imports Rebuilding and Unpacking |
| Type |
Slides
|
| Tags |
reverse engineering
|
| Abstract |
With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process and to make it as trivial as it is now for protected 32-bit executables. I'm proposing two brand-new tools: CHimpREC and CHimpREC-64, allowing the spirit of ImpREC to live on under the best possible compatibility with all the x64 versions of the Windows operating system. This talk is about explaining the inner workings of coding a 32-bit imports rebuilder and the problems encountered due to the WoW64 environment and Address Space Layout Randomization. Next is an overview of the differences between the PE and PE32+ formats and their impact on porting CHimpREC to 64-bit. Finally, 2 or 3 short live unpacking sessions with different examples of 64-bit packers and how trivial it has become to deal with them with the help of CHimpREC-64.
|
| Authors |
Sébastien Doucet
|
| Submitted |
April 20, 2009 |
| Event |
REcon 2008
|
| Resource |
---
|
| Download |
| Source |
Sebastien%20Doucet%20-%20ReCon%202008%20Slides.zip |
| Size |
3.1 MB |
| MD5 |
f760703514d09fdf36db58cfab7204a0 |
| SHA1 |
00f864619195cf309e6941c3fc5754ccde73c97b |