A little disassembler for MPress packer...

source link: https://reverse.put.as/2009/07/23/a-little-disassembler-for-mpress-packer/

Since otool and otx can’t disassemble the packed binary, Andreas Gumundsson wrote a quick tool to do that job, using Udis86, a disassembler library for x86 and AMD64. Check the source to see the required compiler options.

Example usage:

$ ./disas -f mmpress.i386 -t macho | head -10
Found entrypoint inmemory address 0xd6b0
NCMDS 2
CMD 1
Looking in __MPRESS__v.1.21
Found entrypoint file offset 0x36b0
sub ebx, ebx
mov edi, ebx
call 0xd6b9
pop eax
add eax, 0x27c
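The output above shows the two steps the tool has to get right before any disassembler library can be pointed at the bytes: read the entry point from the Mach-O load commands, then walk the segments to turn that in-memory address into a file offset (here 0xd6b0 inside the segment named __MPRESS__v.1.21 maps to 0x36b0). The following Python script is an added example, not the tool from the post or any MPress code, showing that address-to-offset mapping on a constructed 32-bit i386 Mach-O. It assumes the 2009-era layout the post implies (LC_UNIXTHREAD carrying an x86 thread state rather than LC_MAIN), and the segment numbers (vmaddr 0xa000, file size 0x4000) are made up so that the arithmetic reproduces the post's addresses; the 15 code bytes planted at the entry point are the encoding of the five instructions in the post's listing. The actual instruction decoding is left to a library such as Udis86, as in the post.

```python
import struct

MH_MAGIC = 0xFEEDFACE            # 32-bit little-endian Mach-O
LC_SEGMENT = 0x1
LC_UNIXTHREAD = 0x5
X86_THREAD_STATE32 = 1           # flavor of the i386 register block
I386_STATE_COUNT = 16            # eax ebx ecx edx edi esi ebp esp ss eflags eip cs ds es fs gs
I386_EIP_INDEX = 10              # position of eip in that block

# Constructed sample data: the bytes of "sub ebx,ebx / mov edi,ebx /
# call 0xd6b9 / pop eax / add eax,0x27c" as they would sit at the entry point.
ENTRY_CODE = bytes.fromhex("29db" "89df" "e800000000" "58" "057c020000")


def build_sample_macho():
    """Build a minimal Mach-O (constructed, not produced by MPress):
    one LC_SEGMENT named __MPRESS__v.1.21 mapped at 0xa000 from file
    offset 0, plus an LC_UNIXTHREAD whose eip is 0xd6b0."""
    seg = struct.pack("<II16sIIIIIIII", LC_SEGMENT, 56, b"__MPRESS__v.1.21",
                      0xA000,    # vmaddr
                      0x10000,   # vmsize (larger than filesize: zero-fill tail)
                      0x0,       # fileoff
                      0x4000,    # filesize
                      7, 5, 0, 0)  # maxprot, initprot, nsects, flags
    regs = [0] * I386_STATE_COUNT
    regs[I386_EIP_INDEX] = 0xD6B0
    thread = struct.pack("<IIII", LC_UNIXTHREAD, 16 + 4 * I386_STATE_COUNT,
                         X86_THREAD_STATE32, I386_STATE_COUNT)
    thread += struct.pack("<16I", *regs)
    cmds = seg + thread
    # cputype 7 = x86, cpusubtype 3 = i386 all, filetype 2 = MH_EXECUTE
    header = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 2, len(cmds), 0)
    image = bytearray(0x4000)
    image[:len(header) + len(cmds)] = header + cmds
    image[0x36B0:0x36B0 + len(ENTRY_CODE)] = ENTRY_CODE
    return bytes(image)


def parse_load_commands(data):
    """Return [(cmd, raw_bytes)] for every load command, bounds-checked."""
    magic, _, _, _, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", data, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a 32-bit little-endian Mach-O")
    off, cmds = 28, []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        # A packer (or a corrupt file) can lie here; never trust cmdsize blindly.
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("load command %d runs past end of file" % len(cmds))
        cmds.append((cmd, data[off:off + cmdsize]))
        off += cmdsize
    return cmds


def find_entry_vmaddr(cmds):
    """Entry point = eip register in the LC_UNIXTHREAD i386 state."""
    for cmd, raw in cmds:
        if cmd == LC_UNIXTHREAD:
            flavor, count = struct.unpack_from("<II", raw, 8)
            if flavor == X86_THREAD_STATE32 and count == I386_STATE_COUNT:
                return struct.unpack_from("<I", raw, 16 + 4 * I386_EIP_INDEX)[0]
    return None


def vmaddr_to_fileoff(cmds, vmaddr):
    """Find the segment containing vmaddr and return (segname, fileoff).
    fileoff is None when the address lies in the segment's zero-fill tail,
    which has no bytes on disk to disassemble."""
    for cmd, raw in cmds:
        if cmd != LC_SEGMENT:
            continue
        name = raw[8:24].split(b"\0")[0].decode("ascii", "replace")
        seg_vmaddr, vmsize, fileoff, filesize = struct.unpack_from("<IIII", raw, 24)
        if seg_vmaddr <= vmaddr < seg_vmaddr + vmsize:
            delta = vmaddr - seg_vmaddr
            return name, (fileoff + delta if delta < filesize else None)
    return None, None


def locate_entry(data, nbytes=15):
    """Mirror the tool's output: entry vmaddr, segment name, file offset,
    and the first bytes at that offset (ready for a disassembler library)."""
    cmds = parse_load_commands(data)
    entry = find_entry_vmaddr(cmds)
    if entry is None:
        raise ValueError("no LC_UNIXTHREAD entry point found")
    segname, fileoff = vmaddr_to_fileoff(cmds, entry)
    code = data[fileoff:fileoff + nbytes] if fileoff is not None else b""
    return entry, segname, fileoff, code


if __name__ == "__main__":
    entry, segname, fileoff, code = locate_entry(build_sample_macho())
    print("Found entrypoint in-memory address 0x%x" % entry)
    print("Looking in %s" % segname)
    print("Found entrypoint file offset 0x%x" % fileoff)
    print("bytes:", code.hex())
```

The two checks worth keeping when adapting this to real packed files are the `cmdsize` bounds test (a packer can emit odd load-command sizes, and a truncated or hostile file can send a naive walker past the end of the buffer) and the zero-fill test in `vmaddr_to_fileoff` (an entry point inside the `vmsize > filesize` tail exists in memory only, which is exactly why tools that map addresses straight from the segment table can point the disassembler at nothing).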

Original source available here, and a local copy here.

By the way, Blackhat USA and DEFCON will have a few OS X related presentations! Good luck to Ghalen on his presentation about Runtime kernel patching (I started exploring this subject but since I’m a lame ass coder I couldn’t finish it hehehehe! Glad he did it so I can try to implement some ideas I had).
