Question about packers
maybnxtseasn
09-10-2010, 12:06 PM
From my understanding, packers only obfuscate code in the binary while the .exe is not loaded into memory. Once the program is loaded into memory, the program is unobfuscated for it to be able to run properly! Is this correct? For example, if I want to find a hardcoded string, I cannot use a disassembler since the code of the binary will be obfuscated? But if I load the binary into a debugger and search for a hardcoded string, I will be able to locate it since this program is unpacked in memory?? Is this correct? If not, could anyone please correct my misinterpretation of what is going on :) -thx
That's true of traditional packers, but more and more packers are now using Virtual Machine techniques which make it almost impossible to unpack. The unpacked binary never exists for a VM packed exe, as the program is translated into pseudocode and a pseudo processor which executes that code is loaded at run time.
Git
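The traditional-packer case from the answer above, as an added example that is not part of the original thread: a toy "packer" (zlib compression behind a constructed `STUB` marker, standing in for a real unpacking stub) shows why a string search fails on the file on disk but succeeds on the unpacked image. The image bytes and the string are constructed sample data, and VM-based protection is not modelled.

```python
import re
import zlib

# Constructed sample data: a fake "program image" with one hardcoded string.
SECRET = b"license-check-passed"
IMAGE = b"\x55\x8b\xec" + b"\x00" * 512 + SECRET + b"\x00" * 512

MARKER = b"STUB"  # hypothetical marker standing in for the unpacking stub


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII, like the `strings` utility."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def pack(image: bytes) -> bytes:
    """Toy packer: marker followed by the compressed original image."""
    return MARKER + zlib.compress(image, 9)


def unpack(packed: bytes) -> bytes:
    """What the stub does at load time: rebuild the original image in memory."""
    if not packed.startswith(MARKER):
        raise ValueError("not a packed image")
    return zlib.decompress(packed[len(MARKER):])


# "On disk" form: what a disassembler or `strings` sees before execution.
PACKED = pack(IMAGE)


def string_visible(data: bytes, needle: bytes) -> bool:
    """True if a static string scan of `data` finds `needle`."""
    return needle in extract_strings(data)


if __name__ == "__main__":
    print("on disk  :", string_visible(PACKED, SECRET))          # packed file
    print("in memory:", string_visible(unpack(PACKED), SECRET))  # after stub ran
    print("sizes    :", len(IMAGE), "->", len(PACKED))
```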
maybnxtseasn
09-10-2010, 02:46 PM
OK, thank you, and one last question I have is: how come when I open a binary file in Notepad it has a bunch of gibberish? Is this gibberish machine language (0's and 1's) or opcodes/assembly language?