Jump to content
Tuts 4 You

Morphine 2.xx (Unpacking & Inline Patching)


Teddy Rogers

About This File

Morphine is primarily a wrapper/encryptor originally designed to encrypt already compressed executables with the likes of UPX to prevent the original file being detected. It uses a polymorphic engine so all newly encrypted executables will never be the same. It also uses a PE loader which puts the entire source image to the .text section of the new PE file which helps to prevent the image being dumped from memory with tools like LordPE and OllyDump. This believe it or not is the weakness which we will be exploiting in this tutorial.

There are already a few tutorials on the internet for unpacking Morphine but I want to talk about methods that have not been approached before. Mainly I want to talk about inline patching but I will also describe an extremely easy way of unpacking it completely and in its original unpacked content in less than a couple of minutes without having to use a PE tool to manually correct section information. Yep! It is actually really very simple. I was also going to talk a little in depth about the way it works but as it is no longer being developed I don�t think there is much need to analyse this encryptor further.

I will be working with and referring to UnPackMe_Morphine2.7b.exe from Tuts 4 You website throughout this tutorial.


User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...