Samuel Hopstock
Some packers provoke exceptions (e.g. access violations or CPU exceptions) to trick debuggers, and then continue execution in the corresponding exception handler.
Use cases:
- no packer recognized -> manually select one
- wrong packer recognized -> override selection

If we manage to get it running nicely with GDB, things like #25, #26 and #27 will be available at the same time.
Use a logger with different log levels, if possible with the ability to retroactively dump a report from the shell
Provide the ability to import API call implementations from external Python files: provide access to internal apicall.py state, then each API call implementation can handle its respective task but can be...
Some samples deliberately try to crash non-genuine loaders like pefile by using corrupted headers or relocation information. We should investigate creating our own loader that extends pefile's capabilities by supporting...
When an image base address is smaller than 0x100000 (see [reloaderd](https://github.com/unipacker/unipacker/files/3662618/reloaderd-clean-dump.zip)) we have a problem as this clashes with the stack space (0x0 - 0x100000). We need to move the...
With an I/O plugin, we could do things like `r2 unipacker://:` and let it connect to our current unipacker instance. Then, live disassembling can happen during emulation, without needing to...
Break at any address, whenever a certain condition about register values etc. holds.
Only activate the breakpoint on a specific value in a specific register (eax == 42), a specific value in any register (r32 == 42), when a register points to a certain string, etc.