ARTeam: IDA plugin to depack aplib/lzma statically compressed data into IDA

Posted: September 25, 2008 in RE Tools

ARTeam: IDA plugin to depack aplib/lzma statically compressed data into IDA

Hi all,
deroko just released a plugin for IDA 5.2 and following, to decompress aplib or lzma packed data in your target when analyzing with IDA.

The plugin supports aPlib which is quite common in malware, but there’s also support for packman lzma compression, even if this one is very rare.

Run plugin by pressing CTRL+9 and you will be prompted with a window for unpacking or simply go to Edit->plugins->aplib depack

Full C sources are included, aswell. See the readme.txt for further details and instructions.

http://arteam.accessroot.com/releases.html

By Shub from ARtEAM

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s