Working with UPX - Manual Unpacking with IDA Pro, x32dbg and Scylla

12,042 views

Dr Josh Stroschein - The Cyber Yeti


1 day ago

Comments: 16
@grigorecosmin 1 year ago
Very nice video. Can you do one about Themida?
@jstrosch 1 year ago
I’ll add it to my content list :) Thanks for the idea/suggestion
@evanmartin2 1 year ago
Re the question at 6:40: At least in a program I was looking at, the reason for the multiple UPX1/UPX2 sections is for different flags on those sections -- UPX1 was marked executable and UPX2 was not.
@evanmartin2 1 year ago
(Sorry, still watching the video...) You can see at 7:15 that the sections have different flags.
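The section-flag difference described in the two comments above can be read straight out of the PE section table. The following is an added example (not code from the video, the channel, or the commenters): it parses the IMAGE_SECTION_HEADER entries of a PE image, reports each section's characteristics as R/W/X, and flags the layout traits a UPX-style packer typically leaves behind (an executable section with no bytes on disk, writable-and-executable sections, UPX* section names). The image it parses is constructed inline to mirror the observation in the comment (UPX1 executable, UPX2 not); its names, sizes and addresses are illustrative and not taken from any real binary, while the header layout and the IMAGE_SCN_* flag values come from the PE/COFF specification.

```python
"""Minimal PE section-table reader: lists each section's characteristics and
flags the layout traits a UPX-style packer leaves behind.

Added example, not code from the video.  The sample image is constructed in
build_sample_image() and is not a real binary; only the header layout and the
IMAGE_SCN_* flag values come from the PE/COFF specification."""
import struct

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF specification)
IMAGE_SCN_CNT_CODE               = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA   = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE            = 0x20000000
IMAGE_SCN_MEM_READ               = 0x40000000
IMAGE_SCN_MEM_WRITE              = 0x80000000

# Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics  -> 40 bytes, little-endian
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def permissions(characteristics: int) -> str:
    """Render the MEM_* bits as an R/W/X string."""
    return ("R" if characteristics & IMAGE_SCN_MEM_READ else "") + \
           ("W" if characteristics & IMAGE_SCN_MEM_WRITE else "") + \
           ("X" if characteristics & IMAGE_SCN_MEM_EXECUTE else "")


def parse_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (number_of_sections,) = struct.unpack_from("<H", image, coff + 2)
    (size_of_optional_header,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + size_of_optional_header      # COFF header is 20 bytes
    sections = []
    for i in range(number_of_sections):
        fields = SECTION_HEADER.unpack_from(image, table + i * SECTION_HEADER.size)
        name, vsize, vaddr, raw_size, raw_ptr = fields[:5]
        characteristics = fields[9]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "raw_ptr": raw_ptr,
            "characteristics": characteristics,
            "perms": permissions(characteristics),
        })
    return sections


def packing_indicators(sections: list) -> list:
    """Defender-side heuristics: section traits that distinguish a packed layout."""
    findings = []
    for s in sections:
        c = s["characteristics"]
        if s["raw_size"] == 0 and s["virtual_size"] > 0 and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f'{s["name"]}: empty on disk, {s["virtual_size"]:#x} bytes '
                            "executable in memory (where the stub writes the unpacked code)")
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f'{s["name"]}: writable and executable')
        if s["name"].upper().startswith("UPX"):
            findings.append(f'{s["name"]}: UPX section name')
    return findings


def build_sample_image() -> bytes:
    """Constructed minimal PE32 image with a UPX-style three-section layout.

    Values are illustrative, chosen to match the comment: UPX1 executable, UPX2 not."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE header at 0x40
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    layout = [
        (b"UPX0", 0x7000, 0x1000, 0x0000, 0x400,  0xE0000080),  # RWX, uninitialised
        (b"UPX1", 0x3000, 0x8000, 0x2A00, 0x400,  0xE0000040),  # RWX, stub + packed data
        (b"UPX2", 0x1000, 0xB000, 0x0200, 0x2E00, 0xC0000040),  # RW only
    ]
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 224, 0x0102)
    optional = bytearray(224)                           # PE32 optional header, zeroed
    struct.pack_into("<H", optional, 0, 0x10B)          # Magic = PE32
    table = b"".join(SECTION_HEADER.pack(n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in layout)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table


if __name__ == "__main__":
    secs = parse_sections(build_sample_image())
    for s in secs:
        print(f'{s["name"]:<8} VA={s["virtual_address"]:#07x} VSize={s["virtual_size"]:#07x} '
              f'Raw={s["raw_size"]:#07x} {s["perms"]:<3} {s["characteristics"]:#010x}')
    for line in packing_indicators(secs):
        print("  !", line)
```

To inspect a real file, pass `open(path, "rb").read()` to `parse_sections`; the R/W/X column is the same information the commenter points at in the section view. The first indicator is the one worth keeping in mind when dumping: a section that is empty on disk but large and executable in memory is where the stub writes the unpacked program, so a dump taken before the stub has finished (before the jump to the OEP) captures that region still empty.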
@leadhigh7 1 year ago
Thank you for your awesome video. Can you post the Themida packed version one?
@jstrosch 1 year ago
This video only covers UPX - unless I've forgotten a part of it... :) Can you remind me where I mention that?
@TheHacktooth 1 year ago
Nice video! I'm new to reverse engineering and I'm trying to crack/keygen a crackme; it was packed with UPX and custom encryption.
@jstrosch 1 year ago
Interesting - did you figure it out?
@letrung3249 1 year ago
Great explanation! Thx a lot!
@jstrosch 1 year ago
You are welcome!
@johngotek 1 year ago
How to fix not showing hello world after dumping using Scylla?
@jstrosch 1 year ago
Generally after you DUMP with Scylla, then you want to FIX DUMP. This will resolve the import table. If that doesn’t correct any issues, there is likely something else going on. I would ensure that you dumped at the OEP and, if not, try again.
@MarkedUserName 3 months ago
Could you make an x64 tutorial please?
@jstrosch 3 months ago
Do you mean in general, such as an x64 assembly course?
@mugosquero 8 months ago
Scylla was a thing in Prison Break, so I pronounce it the same as how the show does.
@jstrosch 8 months ago
Ah, interesting. I've looked it up a dozen times now but I always forget... I guess at this point I should just pick a pronunciation and stick with it.