| Title |
64-bit Imports Rebuilding and Unpacking - Part2 |
| Type |
Video
|
| Tags |
reverse engineering
|
| Abstract |
With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process and to make it as trivial as it is now for protected 32-bit executables. I'm proposing two brand-new tools: CHimpREC and CHimpREC-64, allowing the spirit of ImpREC to live on under the best possible compatibility with all the x64 versions of the Windows operating system. This talk is about explaining the inner-workings of coding a 32-bit imports rebuilder and the problems encountered due to the WoW64 environment and Address Space Layout Randomization. Next, is an overview of the differences between the PE and PE32+ formats and their impact on porting CHimpREC to 64-bit. Finally, 2 or 3 short live unpacking sessions with different examples of 64-bit packers and how trivial it has become to deal with them with the help of CHimpREC-64.
|
| Authors |
Sébastien Doucet
|
| Submitted |
April 20, 2009 |
| Rating |
Currently 0/5 stars (0 votes).
|
| Correlation |
| Linked to |
---
|
| Event |
REcon 2008
|
| Resource |
---
|
| Download |
| Source |
RECON2008-T19-Sebastien_Doucet-64-bit_Imports_Rebuilding_and_Unpacking-Part2.avi |
| Size |
153.5 MB |
| MD5 |
451974a7fc8fe18c5aff6b544072e27b |
| SHA1 |
d5bdcf1182f38bc0319bbda0a4d764000166e1d0 |
top
