Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Back: Lab 18-1 Solutions
Next: Lab 18-3 Solutions


look like the start of a function, further convincing us that we have found the OEP. Scrolling down a little, we also see the string www.practicalmalwareanalysis.com, which is further evidence that this is part of the original program and not the unpacking stub.

Next, we dump the process to disk using Plugins ▸ OllyDump ▸ Dump Debugged Process. Leave all of the default options, click Dump, and select a filename for the dumped process.

Now, we’re finished. We can view the program’s imports and strings, and easily analyze it with IDA Pro. A quick analysis reveals that this is the same code as Lab07-02.exe.
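A small post-dump sanity check that applies the two OEP indicators used above (function-prologue bytes at the entry point, and the original program's string present in the image) to a dumped PE32 file. This is an added example, not code from the book or the lab; it assumes OllyDump's default behaviour of writing the found OEP into AddressOfEntryPoint, and the PE image it parses is constructed in code rather than taken from a real sample.

```python
import struct

# Heuristic function-start byte patterns (added example; not exhaustive).
PROLOGUES = (
    b"\x55\x8b\xec",  # push ebp; mov ebp, esp (MSVC encoding)
    b"\x55\x89\xe5",  # push ebp; mov ebp, esp (GCC encoding)
)
ORIGINAL_STRING = b"www.practicalmalwareanalysis.com"

def entry_point_bytes(image: bytes, n: int = 3) -> bytes:
    """First n bytes at AddressOfEntryPoint of a PE32 file image, found by
    mapping the entry RVA to a file offset through the section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    opt = pe + 24                                          # optional header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    sec = opt + opt_size                                   # first section header
    for _ in range(nsections):
        vsize, va, rawsize, raw = struct.unpack_from("<IIII", image, sec + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = raw + (entry_rva - va)
            return image[off:off + n]
        sec += 40
    raise ValueError("entry point RVA 0x%x is outside every section" % entry_rva)

def looks_like_oep(image: bytes) -> bool:
    """Both indicators from the text: prologue at the entry point, original string present."""
    head = entry_point_bytes(image)
    return any(head.startswith(p) for p in PROLOGUES) and ORIGINAL_STRING in image

def build_sample(entry_rva: int) -> bytes:
    """Constructed PE32 (not a real binary): one .text section at RVA 0x1000 / file 0x200,
    a prologue at RVA 0x1000, a 'pushad' (common unpacking-stub opener) at 0x1100, string at 0x1120."""
    text = bytearray(0x200)
    text[0:3] = b"\x55\x8b\xec"
    text[0x100] = 0x60
    text[0x120:0x120 + len(ORIGINAL_STRING)] = ORIGINAL_STRING
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva) + b"\0" * 204
    section = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + file_hdr + opt_hdr + section).ljust(0x200, b"\0")
    return headers + bytes(text)
```

Run `looks_like_oep` over the file OllyDump wrote: an entry point still inside the unpacking stub (here simulated by the `pushad` at RVA 0x1100) fails the check, while the prologue at RVA 0x1000 passes.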
