Chapter 10. Packing and Encryption
As a continuation of what we have learned about obfuscation, we will now introduce a set of tools designed to defend software from reverse engineering. The result of using these tools, such as packers and crypters, is a transformed version of the original executable file that still behaves exactly as the original did. For each tool, we will discuss what the transformed executable looks like and how execution of the transformed file takes place.
We have picked the UPX tool to demonstrate how packers work at a low level and to show techniques that can be used to reverse it.
Note
There are many free packers available on the internet that are commonly used by malicious authors to pack their software (fsg, yoda, aspack), but for the sake of simplicity we will focus on the simplest of them all, UPX.
This chapter will use Windows as our environment and will be debugging with x86Dbg or OllyDbg. We will also show how the Volatility...