A simple, generic unpacker based on DynamoRIO.
DrUnpack inspects the memory of a process during execution and dumps suspicious memory regions. Executed memory is considered suspicious if it is writable or is not mapped to any executable file (libraries included).
cd $PROJECT
mkdir build
cd build
cmake -DDynamoRIO_DIR=$DYNAMORIO_HOME/cmake ..
make
drrun -c $PROJECT/build/bin/libunpack.so -- /path/to/binary
The client creates a dump for each suspicious memory region that is executed.
In theory, it should support all platforms supported by DynamoRIO.
In practice, it has been tested on:
- Linux (Ubuntu)
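
The heuristic described at the top (executed memory is suspicious if it is writable or not backed by an executable file), as an added example that is not DrUnpack's own code: it classifies an executing address against lines in Linux `/proc/<pid>/maps` format. The sample lines are constructed, the function names are hypothetical, and treating `[vdso]` as benign is this example's assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lines in /proc/<pid>/maps format (not from a real process). */
static const char *SAMPLE_MAPS[] = {
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/sample",
    "00651000-00652000 rwxp 00051000 08:02 173521 /usr/bin/sample",
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0",
    "7f1c2b000000-7f1c2b1c0000 r-xp 00000000 08:02 135522 /lib/x86_64-linux-gnu/libc.so.6",
    "7f1c2c000000-7f1c2c001000 r-xp 00000000 00:00 0",
    "7ffd3a1fe000-7ffd3a200000 r-xp 00000000 00:00 0 [vdso]",
};
enum { SAMPLE_COUNT = sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0] };
enum verdict { NOT_MAPPED = -1, BENIGN = 0, SUSPICIOUS = 1 };

/* Classify one maps line for an executing address pc. */
static enum verdict classify_line(const char *line, unsigned long long pc)
{
    unsigned long long start, end;
    char perms[5] = "", path[256] = "";

    /* Fields: start-end perms offset dev inode [path]; the path is optional. */
    if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %255[^\n]",
               &start, &end, perms, path) < 3)
        return NOT_MAPPED;
    if (pc < start || pc >= end) return NOT_MAPPED;
    if (strchr(perms, 'w')) return SUSPICIOUS;   /* writable and being executed */
    if (path[0] == '/') return BENIGN;           /* read-only code backed by a file */
    /* Assumption of this example: the kernel-provided [vdso] is not a dump target. */
    if (strcmp(path, "[vdso]") == 0) return BENIGN;
    return SUSPICIOUS;                           /* anonymous executable memory */
}

/* Find the region containing pc and return its verdict. */
enum verdict classify_pc(const char *const *maps, int n, unsigned long long pc)
{
    for (int i = 0; i < n; i++) {
        enum verdict v = classify_line(maps[i], pc);
        if (v != NOT_MAPPED) return v;
    }
    return NOT_MAPPED;
}

int main(void)
{
    unsigned long long pcs[] = { 0x401000ULL, 0x651800ULL, 0x7f1c2a000010ULL, 0x7f1c2c000000ULL };
    for (int i = 0; i < 4; i++)
        printf("%#llx -> %d\n", pcs[i], classify_pc(SAMPLE_MAPS, SAMPLE_COUNT, pcs[i]));
    return 0;
}
```

The file-backed but writable mapping of `/usr/bin/sample` is flagged as well, which is the case a packer that rewrites its own image in place would hit.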