Comments on: Tutorial: Finding the OEP of an Upacked binary file
http://writequit.org/blog/2008/02/25/tutorial-finding-the-oep-of-an-upacked-binary-file/
Tu fui, ego eris
Fri, 15 Aug 2014 11:26:27 +0000

By: :wq - blog » Blog Archive » Example malware unpacking and analysis: part 1, unpacking http://writequit.org/blog/2008/02/25/tutorial-finding-the-oep-of-an-upacked-binary-file/comment-page-1/#comment-297 Fri, 09 May 2008 23:22:52 +0000 http://writequit.org/blog/?p=150#comment-297
[…] reverse engineering has always been incredibly interesting to me and I noticed that ever since my OEP finding tutorial for UPACK, I’ve also gotten a lot of Google searches for “how to reverse malware” and other […]

By: upack http://writequit.org/blog/2008/02/25/tutorial-finding-the-oep-of-an-upacked-binary-file/comment-page-1/#comment-284 Wed, 23 Apr 2008 19:23:05 +0000 http://writequit.org/blog/?p=150#comment-284
[…] not so easy to read. This is going to be a long post, but hey, at least it’ll have lots of picturhttp://writequit.org/blog/?p=150ABF Freight System, Inc – Wikipedia, the free encyclopediaFor a typical U-Pack move 3, ABF delivers […]

By: Aleksey F. http://writequit.org/blog/2008/02/25/tutorial-finding-the-oep-of-an-upacked-binary-file/comment-page-1/#comment-246 Tue, 26 Feb 2008 05:23:24 +0000 http://writequit.org/blog/?p=150#comment-246
Great job, Olly instructions should be about the same. Load it up, ignore all the warnings, single step until you see the ESP change (turns red), right click on ESP and select “Follow in Dump”, highlight the first 4 bytes in the hex dump window, right click on them, select Breakpoint -> Hardware on access -> Dword, run, when it breaks it should be on the OEP or jump to OEP. This description of course is very generic. I actually prefer to do this kind of stuff in Olly, I didn’t even know you can step through in IDA, so thanks!
