A packed file's data cannot be seen in plain sight, but if we let it run, everything is expected to be unpacked in its process space. What we aim to do is to produce a version of the file in its unpacked state. To do that, we need to dump the whole memory then extract the executable's process image to a file.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Preparing to Reverse
- Identification and Extraction of Hidden Components
- The Low-Level Language
- Static and Dynamic Reversing
- Tools of the Trade
- RE in Linux Platforms
- RE for Windows Platforms
- Sandboxing - Virtualization as a Component for RE
- Binary Obfuscation Techniques
- Packing and Encryption
- Anti-analysis Tricks
- Practical Reverse Engineering of a Windows Executable
- Reversing Various File Types
- Other Books You May Enjoy
Dumping processes from memory
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.