Code packing brings?a?new?conception?to protect software, but it also serves as an umbrella for malicious code. It has been intensified that malware using packing techniques to evade detection and it troubles analysts due to the massive variants of malware produced by code packing. Traditional unpacking methods based on feature matching gradually become inapplicable because they can’t cope with the change of shell version and type, so a general unpacking method would be very useful. In this paper, we proposed a common unpacking method based on dynamic binary analysis platform, according to the property that packer will restore the original code during the process of executing. The experimental results show that our method can effectively locate the original entry point of the program, extract the code that has been hidden, and can get the accurate image size of the process in the memory, which can effectively realize dynamic unpacking of the shell code.
