Binary Analysis
Entry point analysis Oct 28 2005 11:28AM
keydet89 yahoo com (1 replies)
Re: Entry point analysis Oct 28 2005 12:05PM
David Perez-Conde (david perez conde gmail com) (2 replies)
Re: Entry point analysis Oct 28 2005 12:15PM
Harlan Carvey (keydet89 yahoo com) (1 replies)
RE: Entry point analysis Oct 28 2005 03:14PM
Chris Eagle (cseagle redshift com)
> I'll try to be a little more specific...
>
> Is anyone pursuing any work in analyzing the byte
> sequences or code at the PE file entry point in order
> to identify the obfuscator, packer, encrypter, or
> compiler used?
>
> Thanks,
>
> Harlan
>

Harlan,

The idea is discussed frequently among reversers. I don't know of any
generic OEP finders out there. You can look on this page
(http://www.openrce.org/downloads/browse/OllyDbg_OllyScripts) for various
OllyDbg scripts that have been developed for specific purposes. In the
latest generation of protectors, finding the OEP of the protected program is
becoming much more difficult. In Shiva for example, because it is a
multi-stage protector, when you get to what you might think is the OEP, you
are actually at the start of the Shiva runtime manager. In SOTM 33, there
was no traditional OEP because it unwrapped into a virtual machine and you
still were faced with reversing the virtual machine, and the program that it
interpreted.

Chris
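
The entry-point byte matching asked about in this thread, as an added example that is not part of either post: it parses the PE headers, maps AddressOfEntryPoint to a file offset, and tests the bytes there against wildcard patterns. The two patterns, the function names, and the image produced by `build_sample` are constructed for illustration and are not a real signature set.

```python
import struct

# Illustrative entry-point byte patterns (None = wildcard); not a complete signature set.
SIGNATURES = {
    # pushad; mov esi, imm32; lea edi, [esi+imm32]
    "upx_like_stub": [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None, None],
    # push ebp; mov ebp, esp
    "frame_prologue": [0x55, 0x8B, 0xEC],
}

def entry_point_offset(data):
    """File offset of AddressOfEntryPoint, or None if it has no raw bytes on disk."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    (ep_rva,) = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
    for i in range(nsect):
        hdr = pe + 24 + opt_size + 40 * i                   # section headers are 40 bytes each
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            delta = ep_rva - vaddr
            return rptr + delta if delta < rsize else None  # virtual-only region: nothing to read
    return None                                             # entry point outside every section

def identify(data):
    """Names of all signatures matching the bytes at the on-disk entry point."""
    off = entry_point_offset(data)
    if off is None:
        return []
    hits = []
    for name, pat in SIGNATURES.items():
        window = data[off:off + len(pat)]
        if len(window) == len(pat) and all(p is None or p == b for p, b in zip(pat, window)):
            hits.append(name)
    return hits

def build_sample(ep_bytes, ep_rva=0x1000):
    """Constructed minimal PE32: one section, RVA 0x1000, raw data at file offset 0x200."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, ep_rva).ljust(0xE0, b"\0")
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + ep_bytes.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(identify(build_sample(bytes.fromhex("60be00104000" "8dbe0000ffff" "57"))))
```

A match only describes the code at the on-disk entry point; it does not locate the original entry point of a packed program.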

Re: Entry point analysis Oct 28 2005 12:08PM
Harlan Carvey (keydet89 yahoo com) (1 replies)
Re: Entry point analysis Oct 28 2005 12:26PM
David Perez-Conde (david perez conde gmail com)
Copyright 2010, SecurityFocus