Functions
def	kernel32_GetProcAddress (jitter)

def	stop (jitter)

Variables
	parser = Sandbox_Win_x86_32.parser(description="Generic UPX unpacker")

	help

	action

	options = parser.parse_args()

	load_hdr

	loc_db = LocationDB()

	sb

	level

	mdis = sb.machine.dis_engine(sb.jitter.bs, loc_db=loc_db)

	dont_dis_nulstart_bloc

	asmcfg = mdis.dis_multiblock(sb.entry_point)

	leaves = list(asmcfg.get_bad_blocks())

	l = leaves.pop()

	end_offset = mdis.loc_db.get_location_offset(l.loc_key)

	fname = os.path.join(bname, fname.replace('.', '_'))

string	out_fname = fname + '_unupx.bin'

	jitter

	libs

	e_orig

Function Documentation

◆ kernel32_GetProcAddress()

def unpack_upx.kernel32_GetProcAddress ( jitter )

Hook on GetProcAddress to note where UPX stores import pointers

Here is the call graph for this function:

◆ stop()

def unpack_upx.stop ( jitter )

Variable Documentation

◆ action

unpack_upx.action

◆ asmcfg

unpack_upx.asmcfg = mdis.dis_multiblock(sb.entry_point)

◆ dont_dis_nulstart_bloc

unpack_upx.dont_dis_nulstart_bloc

◆ e_orig

unpack_upx.e_orig

◆ end_offset

unpack_upx.end_offset = mdis.loc_db.get_location_offset(l.loc_key)

◆ fname

unpack_upx.fname = os.path.join(bname, fname.replace('.', '_'))

◆ help

unpack_upx.help

◆ jitter

unpack_upx.jitter

◆ l

unpack_upx.l = leaves.pop()

◆ leaves

unpack_upx.leaves = list(asmcfg.get_bad_blocks())

◆ level

unpack_upx.level

◆ libs

unpack_upx.libs

◆ load_hdr

unpack_upx.load_hdr

◆ loc_db

unpack_upx.loc_db = LocationDB()

◆ mdis

unpack_upx.mdis = sb.machine.dis_engine(sb.jitter.bs, loc_db=loc_db)

◆ options

unpack_upx.options = parser.parse_args()

◆ out_fname

unpack_upx.out_fname = fname + '_unupx.bin'

◆ parser

unpack_upx.parser = Sandbox_Win_x86_32.parser(description="Generic UPX unpacker")

◆ sb

unpack_upx.sb

Initial value:

 =  Sandbox_Win_x86_32(
     loc_db, options.filename, options, globals(),
     parse_reloc=False
 )

Functions

Variables