Private Personal Packer 1.0.2

http://tuts4you.com/download.php?view.1645

Ted.

It not Packer It is bad clone Daemon Crypt

100ххххх E8 AE000000 CALL <JMP.&kernel32.WriteProcessMemory>

100ххххх 8B47 34 MOV EAX,DWORD PTR DS:[EDI+34]

100ххххх 0347 28 ADD EAX,DWORD PTR DS:[EDI+28] ; <----OEP <--Dump it

100ххххх A3 04310010 MOV DWORD PTR DS:[10003104],EAX

Everytime I dump it, the code section seems destroyed :/

Is there some sort of CRC of the file that decrypts the code section ?

Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap

@Killboy

In LordPe dump Partial & Rebuild Pe : options Validate Pe, Status Window ^)

Hy!

I have unpackt it after a hard work!

http://files.to/get/458925/10043/unpackt.rar

greetz

unpacked it successful

greetz

http://ultrashare.net/hosting/fl/9815c00c40

unpacked it successful

greetz

http://ultrashare.net/hosting/fl/9815c00c40

Thats the ASCrypt one?

Small script

var p

var p1

var sz

var rgn

mov p1,eip

mov p,eip

add p,60

mov [p],#EB#

add p,8E

bp p

run

bc p

mov sz,eax

sto

mov rgn,eax

add p1,3F9

bp p1

run

bc p1

dm rgn, sz, "D:\CrackTools\Protector\PPP\PPP\dump.exe" // edit fo you

Msg "File Unpacked!"

ret

unpacked it successful

greetz

http://ultrashare.net/hosting/fl/9815c00c40

Thats the ASCrypt one?

its the file that was on the link

Everytime I dump it, the code section seems destroyed :/

Is there some sort of CRC of the file that decrypts the code section ?

Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap

dump after ResumeThread ,and after you patch the new process. when you dump, dump with LoadPE (dump Full) and make sure

you remove the option in LordPE

dump full: paste header from disk

then fix the patched dump and you'll have a working file, you can use the same method used in unpacking Open Source Code Crypter 1.0 the tutorial here

azmo