C. Solutions to Labs > Lab 18-1 Solutions

Lab 18-1 Solutions

Lab18-01.exe is the Lab 14-1 binary packed with a slightly modified version of UPX, one of the most popular packers encountered in the wild. The modifications make the packer more resistant to signature detection: when you run PEiD on the packed executable, it does not identify the packer. However, a section in the file named UPX2 should make you suspect that a UPX-like packer is being used. Running UPX -d on the packed file fails because of the modifications made to the packer.

We first try to unpack the program manually by loading it in OllyDbg and looking for the OEP. To start, we simply page down through the code to see whether the tail jump is obvious. As Example C-173 shows, it is.

Example C-173. Tail jump for the modified UPX packer
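Putting the triage steps above into code, as an added example that is not from the book: the script parses the PE section table to flag UPX-style section names, checks whether the stock "UPX!" pack-header magic that upx -d looks for is still present, and scans the executable sections for a JMP rel32 whose target lands in a different section, which is the shape of the tail jump you would otherwise find by paging through the stub in OllyDbg. The PE it analyses is a constructed in-memory sample laid out like a modified-UPX file (sections UPX0/UPX1/UPX2, no magic); the section layout, RVAs and stub bytes are assumptions for illustration, not the contents of Lab18-01.exe.

```python
"""Triage a UPX-like packed PE: flag UPX-style section names, check for the
stock "UPX!" pack-header magic that upx -d requires, and list cross-section
JMP rel32 instructions that look like a packer's tail jump.

Added example (not code from the book).  It parses a constructed in-memory PE
that mimics the layout of a modified-UPX sample rather than Lab18-01.exe.
"""
import re
import struct

SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_sections(data):
    """Walk the DOS/COFF headers and return one dict per section header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    table = e_lfanew + 4 + 20 + opt_size                          # first section header
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_off, *_, chars = SECTION_HEADER.unpack_from(data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"), "va": va,
                         "vsize": vsize, "raw_off": raw_off, "raw_size": raw_size, "chars": chars})
    return sections


def upx_section_names(sections):
    """Section names such as UPX0/UPX1/UPX2: the tell-tale the text points to."""
    return [s["name"] for s in sections if re.fullmatch(r"UPX\d", s["name"])]


def has_stock_upx_magic(data):
    """Stock UPX writes a pack header beginning with "UPX!" and upx -d refuses
    files without it, so a packer that drops or changes it breaks upx -d."""
    return b"UPX!" in data


def section_for_rva(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s
    return None


def tail_jump_candidates(data, sections):
    """Scan executable sections for E9 rel32 whose target lies in a *different*
    section.  A UPX-style stub lives in UPX1 and ends with a JMP into UPX0, where
    the unpacked code was written, so such a jump is a tail-jump candidate.
    Byte-wise scanning is a heuristic (E9 can occur inside other instructions):
    confirm the hit in the debugger as the book does."""
    hits = []
    for sec in sections:
        if not sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
            continue
        code = data[sec["raw_off"]:sec["raw_off"] + sec["raw_size"]]
        for i in range(len(code) - 4):
            if code[i] != 0xE9:
                continue
            rel = struct.unpack_from("<i", code, i + 1)[0]
            src = sec["va"] + i
            target = (src + 5 + rel) & 0xFFFFFFFF
            dst = section_for_rva(sections, target)
            if dst is None or dst is sec:
                continue
            hits.append({"from": sec["name"], "jmp_rva": src, "target_rva": target, "to": dst["name"]})
    return hits


def triage(data):
    sections = parse_sections(data)
    return {"upx_sections": upx_section_names(sections),
            "stock_magic": has_stock_upx_magic(data),
            "tail_jumps": tail_jump_candidates(data, sections)}


def build_sample(keep_magic=False):
    """Constructed toy PE (assumed layout, not a real binary): UPX0 has no raw
    data (the unpacked code is written there at run time), UPX1 holds the stub
    and its tail jump, UPX2 holds import data.  keep_magic=False mimics the
    modified packer, which no longer leaves the "UPX!" marker behind."""
    upx0_va, upx1_va, upx2_va = 0x1000, 0x5000, 0x8000
    stub = bytearray(b"\x60" + b"\x90" * 0xFF)   # pushad, then filler standing in for the decompressor
    jmp_rva = upx1_va + len(stub)                  # tail jump sits at RVA 0x5100
    oep_rva = 0x1234                               # assumed hand-off point inside UPX0
    stub += b"\xE9" + struct.pack("<i", oep_rva - (jmp_rva + 5))
    stub += b"\xCC" * 16
    if keep_magic:
        stub += b"UPX!"
    stub += b"\0" * (-len(stub) % 0x200)           # pad to file alignment
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)  # COFF: i386, 3 sections, PE32
    struct.pack_into("<H", hdr, 0x58, 0x10B)       # optional header Magic = PE32
    table = 0x44 + 20 + 0xE0
    secs = [(b"UPX0", 0x4000, upx0_va, 0, 0, 0xE0000080),
            (b"UPX1", 0x3000, upx1_va, len(stub), 0x400, 0xE0000040),
            (b"UPX2", 0x1000, upx2_va, 0x200, 0x400 + len(stub), 0xC0000040)]
    for i, (name, vsize, va, raw_size, raw_off, chars) in enumerate(secs):
        SECTION_HEADER.pack_into(hdr, table + i * 40, name, vsize, va, raw_size, raw_off, 0, 0, 0, 0, chars)
    imports = b"KERNEL32.dll\0LoadLibraryA\0GetProcAddress\0".ljust(0x200, b"\0")
    return bytes(hdr) + bytes(stub) + imports


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(key, value)
```

Run it with a file path to triage a real sample. A hit's jmp_rva is an RVA; add the image base to get the address to set a breakpoint on in OllyDbg, then let the stub run to it and follow the jump to the OEP before dumping.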


  
