Defeating HyperUnpackMe2 With an IDA Processor Module

RolfRolles has written an excellent article at OpenRCE about reverse engineering a sophisticated packer called HyperUnpackMe2.

"Modern protectors mutilate the original code section, use virtual machines operating upon polymorphic bytecode languages to slow reverse engineering, and take active measures to frustrate attempts to dump the process. Meanwhile, the complexity of the import protections and the amount of anti-debugging measures has steadily increased.

This article dissects such a protector and offers a static unpacker through the use of an IDA processor module and a custom plugin. The commented IDB files and the processor module source code are included. In addition, an appendix covers IDA processor module construction. In short, this article is an exercise in overkill."
