| 发明名称 |
AUTOMATED UNPACKING OF PORTABLE EXECUTABLE FILES |
| 摘要 |
Automated unpacking of a portable executable file includes setting a debugging breakpoint at an original entry point address of a packed portable executable file. A debugging process is executed for the packed portable executable file to obtain a debugged portable executable file in memory. One or more of import address table data and relocation table data are collected during execution of the debugging process for the packed portable executable file. The debugged portable executable file in memory is copied to a storage medium, and the debugging process is terminated. |
| 申请公布号 |
US2016253253(A1) |
申请公布日期 |
2016.09.01 |
| 申请号 |
US201615150046 |
申请日期 |
2016.05.09 |
| 申请人 |
Reversing Labs Holding GmbH |
发明人 |
Pericin Tomislav |
| 分类号 |
G06F11/36 |
主分类号 |
G06F11/36 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer implemented method comprising:
setting, by a computing device, a debugging breakpoint at an original entry point address of a packed portable executable file; executing, by the computing device, a debugging process for the packed portable executable file to obtain a debugged portable executable file; adding a new section to the debugged portable executable file; and pasting into the debugged portable executable file in the new section one or more of an import address table of the import table data and a relocation table of the relocation table data collected during execution of the debugging process for the packed portable executable file. |
| 地址 |
Zurich CH |
