More visualization
Now that Piotr has mentioned unpacking visualization in his blog here, there's something more raw :)

Some time ago I was playing with live tracing of packers, which happens to be a rather fun thing to do: http://www.sabre-security.com/files/upx_unp.avi

Blue is the EIP location, green the memory writes. The vertical axis is the memory range being visualized (some people might notice that there's occasionally little blue; that's because DLL code was being run, which I left out of the visualized range).

Coming back to the packer topic, I just want to mention, as Piotr rightly said on dailydave, that building on some nice heuristics on code "behavior" actually gets rid of lots of packer nastiness. (And if you do it outside the "bochs" ;) it becomes even more powerful... ahem...)
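As an added illustration of the encoding used in the video (this is example code written for this page, not the tracer behind the .avi), the snippet below takes a constructed EIP/memory-write trace and renders it as a time-versus-memory grid, with EIP marked as blue and writes as green, and addresses outside the visualized range (such as DLL code) dropped. It also flags the step at which execution first lands in memory that was written earlier in the trace, one simple "behavior" heuristic of the kind mentioned above; the trace, address range and bucket size are all assumptions.

```python
# Added example, not code from the post: render a constructed EIP / write trace
# as a memory-vs-time grid (B = blue/EIP, G = green/write) and flag the first
# execution of previously written memory. Range, bucket size and trace are
# constructed for the example.
from collections import namedtuple

Event = namedtuple("Event", "eip write")   # write is None when no store happened

MEM_LO, MEM_HI = 0x401000, 0x409000        # assumed visualized memory range
ROWS = 16                                   # vertical resolution (memory buckets)
BUCKET = (MEM_HI - MEM_LO) // ROWS

def bucket(addr):
    """Grid row for an address, or None if it lies outside the visualized
    range (e.g. DLL code, which the post left out of the picture)."""
    if addr is None or not MEM_LO <= addr < MEM_HI:
        return None
    return (addr - MEM_LO) // BUCKET

def render(trace):
    """Return ROWS strings, one per memory bucket, one column per trace step:
    'B' where EIP was, 'G' where a write landed, 'X' if both in one step."""
    grid = [["." for _ in trace] for _ in range(ROWS)]
    for col, ev in enumerate(trace):
        for row, mark in ((bucket(ev.eip), "B"), (bucket(ev.write), "G")):
            if row is None:
                continue
            grid[row][col] = mark if grid[row][col] in (".", mark) else "X"
    return ["".join(r) for r in grid]

def first_exec_of_written(trace):
    """Index of the first step whose EIP falls in a bucket written earlier
    in the trace (write-then-execute heuristic), or None if it never does."""
    written = set()
    for i, ev in enumerate(trace):
        if bucket(ev.eip) in written:
            return i
        if bucket(ev.write) is not None:
            written.add(bucket(ev.write))
    return None

# Constructed trace: a stub at the bottom of the range fills the upper region,
# makes one call into a DLL outside the range, then jumps into what it wrote.
TRACE = (
    [Event(0x401000 + 4 * i, 0x406000 + 8 * i) for i in range(6)]
    + [Event(0x7C800000, None)]
    + [Event(0x406000 + 4 * i, None) for i in range(3)]
)

if __name__ == "__main__":
    print("\n".join(render(TRACE)))
    print("first exec of written memory at step", first_exec_of_written(TRACE))
```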