Pin unpacking and anti-evasion

Dependencies

PIN
Scylla
Visual studio 2010
IDAPro 6.6

Installation

Download the linked version of PIN
Unzip PIN to the root directory and rename the folder to pin
Clone this repository
Open the file PinUnpacker.sln with Visual Studio 2010 ( NB: The version is mandatory )
Set your IDAPro path in Log.cpp ( const Log::IDA_PATH )
Copy the folders FindOEPPin\PinUnpackerDependencies and FindOEPPin\PinUnpackerResults in C:\pin\
Compile the solution

	\---C
	    \---pin
			   \+---source
			   	| 	     
			   	|
			   	|
			   \+---PinUnpackerResults
			   	|
			   	|
			   	|
			   	|
			   \+---PinUnpackerDependencies 
			   	|						  \---badImportsChecker.py
			   	|			              \---badImportsList.txt
			   	|						  \---dumperSelector.py
			   	|						  \---Scylla
			   	|								\---ScyllaDLLx64.dll
			   	|								\---ScyllaDLLx86.dll
			   	|								\---ScyllaDumper.exe
			   	|
			   \+---FindOEPPin.dll

Usage

Run this command from the directory C:\pin\

pin -t FindOEPPin.dll -- <path_to_the_exe_to_be_instrumented>

Check your result in C:\pin\PinUnpackerResults\< current_date_and_time >\

About

A pintool in order to unpack malware and avoid the evasion techniques

Languages

Language:C++ 98.2%Language:C 1.0%Language:Python 0.6%Language:Makefile 0.1%Language:Batchfile 0.1%