1-Olly-scripting.zip

----------------------------------------

ImportREC – used for manually fixing the import address table (IAT)

ODBGScript – used for automating tasks with OllyDbg

Olly Scripts-Tuts4You – database of 900+ scripts for the ODBGScript plug-in

Olly-Scripts-Crackers – 1000+ scripts I got off some cracking forum

ARTeam.Ezine.Number2.pdf – online magazine issue that has an article about writing OllyDbg scripts

ODbgScript.txt – lists all of the keywords/APIs for writing Olly scripts

UPX 1.xx – 2.xx – 3.00.txt – sample Olly script used to unpack UPX-packed executables

2-OllyPython.zip

---------------------------------------------

Python Plugin – Olly plugin for writing python scripts

Python-2.5.msi – installs Python 2.5

3-Immdbg-python

----------------------------------------------

upx.py – script I wrote that finds the OEP in UPX-packed malware; execute it with !upx.py <moduleName>

Example usage: !upx Lab18-01.exe

UnpackMe’s

----------------------------------------------------

Quiz6.exe

solPacked.exe

antire test.exe

Resources

---------------------------------------

http://flylib.com/books/en/4.287.1.16/1/ – conditional log breakpoints for OllyDbg

http://www.ihtb.org/security/quickrefs/OllyDbg_quickref.pdf – OllyDbg command-line usage

https://code.google.com/p/corkami/ – reverse engineering and visual documentation

http://eikonal.wordpress.com/2011/02/28/code-analysis-debugging-and-reverse-engineering-code-security/

https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/

http://tekwizz123.blogspot.com/2012/04/pycommands-tutorial.html

LessonNotes.txt

Assignment 3:

assignment3.exe is a packed version of solitaire. Unpack and patch assignment3.exe so that a player can win solitaire instantly and see a splash-screen/message-box with the names of the people in your team. Once you have figured out how to unpack and patch assignment3.exe, you must also automate the process of unpacking and patching the packed version. This would be an OllyScript, OllyPython script, Immunity Debugger Python script, etc. Teams can be of 1 or 2 people. All programs must work on our VM setup of Windows XP-SP3.

Due date: April 18th, 11:59PM, 10% off each day that it is late

Submission is by email with subject line: Malware Class Assignment 3

Submission materials: 1 zip file containing

(10 pts) assignment3.exe that is unpacked and patched as described. Must complete automation and document to receive points.

(30 pts) Scripts/other materials that automate the process of unpacking and patching of assignment3.exe

(60 pts) 1 document that describes each challenge faced during unpacking and patching and how your team overcame it.

Screen shots are a must.

assignment3.exe