RECON2008 talk: 64-bit Imports Rebuilding and Unpacking by Sébastien Doucet (IITAC)

IITAC member Sébastien Doucet gave a talk on 64-bit Imports Rebuilding and Unpacking at RECON2008.

With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process and to make it as trivial as it is now for protected 32-bit executables. I’m proposing two brand-new tools: CHimpREC and CHimpREC-64, allowing the spirit of ImpREC to live on under the best possible compatibility with all the x64 versions of the Windows operating system.

This talk is about explaining the inner workings of coding a 32-bit imports rebuilder and the problems encountered due to the WoW64 environment and Address Space Layout Randomization. Next is an overview of the differences between the PE and PE32+ formats and their impact on porting CHimpREC to 64-bit. Finally, there are 2 or 3 short live unpacking sessions with different examples of 64-bit packers, showing how trivial it has become to deal with them with the help of CHimpREC-64.

IITAC - Sponsor of the RECON conference! Free IDA Pro training!

RECON is a computer security conference being held in Montreal. The conference offers a single track of presentations over the span of three days. RECON also offers a variety of technical training courses that take place just before the conference dates. The conference is 13-15 June 2008.

IITAC is a sponsor of the conference in Montréal, Canada. IITAC will give a free lunch workshop on IDA Pro during the conference!

IDA Pro Bootcamp + IITAC Certified IDA Pro Professional (CIDAP)



The IDA Pro Bootcamp and the IITAC Certified IDA Pro Professional (CIDAP) certification offer, through a highly sophisticated training trail, the ultimate way to show your proven excellence in using IDA Pro across various IT security knowledge domains to address the many challenges of software protection, malware, or exploitation analysis.

Participants are trained in the relevant standards, procedures, and methods of using IDA Pro, with a strong practical background. After successful training and certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems and software security environments using IDA Pro. The certification is part of the training trail. The IITAC Certified IDA Pro Professional qualification is aimed at people involved in advanced Binary Auditing. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional-level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.