At this stage, using x86dbg, we are going to unpack a packed executable. In this debugging session, we will be unpacking a UPX packed file. Our target will be to reach the original host's entry point. Besides this UPX packed file, we have provided packed samples on our GitHub page that can be used for practice.
The Ultimate Packer for eXecutables, also known as UPX, can be downloaded from https://upx.github.io/. The tool itself can pack Windows executables. It is also able to restore or unpack UPX packed files. To see it in action, we used the tool on the file original.exe. This is shown in the following example:
Notice that the file is smaller than the original after being packed.
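Before opening a sample in the debugger, a quick static look at the PE headers usually confirms that it is UPX packed. The following is an added example, not code from the original text: it assumes UPX's default section names (UPX0 and UPX1, which the text above does not mention), the function names are hypothetical, and the two headers it checks are constructed sample input.

```python
import struct

def pe_layout(data):
    """Parse the entry-point RVA and section headers from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", data, pe + 40)      # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        fields = struct.unpack_from("<8sIII", data, pe + 24 + opt_size + 40 * i)
        name, vsize, vaddr, rsize = fields
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rsize))
    return entry, sections

def upx_indicators(data):
    """Return the reasons a file looks UPX packed (empty list if none)."""
    entry, sections = pe_layout(data)
    reasons = []
    for i, (name, vaddr, vsize, rsize) in enumerate(sections):
        if name.startswith("UPX"):
            reasons.append("section named " + name)
        if i == 0 and rsize == 0 and vsize > 0:
            reasons.append(name + " is empty on disk and filled at run time")
        if i > 0 and vaddr <= entry < vaddr + vsize:
            reasons.append("entry point lies in " + name + ", not the first section")
    return reasons

def build_header(entry, sections):
    """Constructed sample input: a minimal 32-bit PE header with no section data."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    out = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    out += bytes(opt)
    for name, vaddr, vsize, rsize in sections:
        out += struct.pack("<8sIIII16x", name.encode(), vsize, vaddr, rsize, 0x400)
    return out

PACKED = build_header(0x8A50, [("UPX0", 0x1000, 0x6000, 0), ("UPX1", 0x7000, 0x2000, 0x1C00), (".rsrc", 0x9000, 0x1000, 0x400)])
PLAIN = build_header(0x1230, [(".text", 0x1000, 0x3000, 0x2E00), (".data", 0x4000, 0x1000, 0x200)])
```

Section names can be changed after packing, so treat the name check as a hint and rely on the layout checks (an empty first section and an entry point outside it) when the names do not match.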