malwaremusings / unpacker
Automated malware unpacker
C:\Python27\lib\site-packages\winappdbg\event.py:1855: EventCallbackWarning: Event handler pre-callback <__main__.MyEventHandler object at 0x00B18210> raised an exception: Traceback (most recent call last):
  File "C:\Python27\lib\site-packages\winappdbg\event.py", line 1850, in dispatch
    returnValue = self.eventHandler(event)
  File "C:\Python27\lib\site-packages\winappdbg\event.py", line 1467, in __call__
    return method(event)
  File "E:\unpack.py", line 895, in exit_process
    log("[*] <%d:%d> Exit process event for %s: %d" % (pid,tid,event.get_filename(),event.get_exit_code()))
  File "C:\Python27\lib\site-packages\winappdbg\event.py", line 926, in get_filename
    return self.get_module().get_filename()
  File "C:\Python27\lib\site-packages\winappdbg\event.py", line 947, in get_module
    return self.get_process().get_main_module()
  File "C:\Python27\lib\site-packages\winappdbg\process.py", line 931, in get_main_module
    return self.get_module(self.get_image_base())
  File "C:\Python27\lib\site-packages\winappdbg\module.py", line 907, in get_module
    raise KeyError(msg)
KeyError: 'Unknown DLL base address 00400000'

  File "unpack.py", line 927, in create_thread
    "module_base": event.get_module_base(),
AttributeError: 'CreateThreadEvent' object has no attribute 'get_module_base'

  File "e:\unpack.py", line 728, in post_InternetOpen
    log("[*] <%d:%d> 0x%x: InternetOpen("%s",0x%x,"%s","%s",0x%x) = 0x%x" % (pid,tid,ra,szAgent,dwAccessType,szProxyName,szProxyBypass,dwFlags,retval))
NameError: global name 'pid' is not defined
create_process
exit_process
create_thread
load_dll
unhandled event
I stopped WinAppDbg attaching to child processes for some reason, but lately I've needed it, so will turn it back on again.
If I find situations where attaching to child processes isn't useful, again, I'll make this optional.
Hi,
It is not an issue per se, and I did not try the tool yet.
The idea is very good and I would like to support the project.
Maybe it is worth trying this approach with r2pipe for radare2? This way we will get a multi-platform solution.
BTW: I am interested in getting to know you better and I like your reverse engineering skills. How can I contact you directly?
Greetings,
Tolik