Teddy Rogers Posted May 22, 2007 Posted May 22, 2007 Private Personal Packer 1.0.2http://tuts4you.com/download.php?view.1645Ted.
pavka Posted May 22, 2007 Posted May 22, 2007 It not Packer It is bad clone Daemon Crypt 100ххххх E8 AE000000 CALL <JMP.&kernel32.WriteProcessMemory> 100ххххх 8B47 34 MOV EAX,DWORD PTR DS:[EDI+34] 100ххххх 0347 28 ADD EAX,DWORD PTR DS:[EDI+28] ; <----OEP <--Dump it 100ххххх A3 04310010 MOV DWORD PTR DS:[10003104],EAX
Killboy Posted May 22, 2007 Posted May 22, 2007 Everytime I dump it, the code section seems destroyed :/ Is there some sort of CRC of the file that decrypts the code section ? Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap
pavka Posted May 22, 2007 Posted May 22, 2007 @KillboyIn LordPe dump Partial & Rebuild Pe : options Validate Pe, Status Window ^)
-kNiGhT- Posted May 23, 2007 Posted May 23, 2007 Hy!I have unpackt it after a hard work!http://files.to/get/458925/10043/unpackt.rargreetz
Candyman Posted May 23, 2007 Posted May 23, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40
rendari Posted May 23, 2007 Posted May 23, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40 Thats the ASCrypt one?
pavka Posted May 24, 2007 Posted May 24, 2007 Small script var p var p1 var sz var rgn mov p1,eip mov p,eip add p,60 mov [p],#EB# add p,8E bp p run bc p mov sz,eax sto mov rgn,eax add p1,3F9 bp p1 run bc p1 dm rgn, sz, "D:\CrackTools\Protector\PPP\PPP\dump.exe" // edit fo you Msg "File Unpacked!" ret
Candyman Posted May 24, 2007 Posted May 24, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40 Thats the ASCrypt one? its the file that was on the link
azmo Posted June 20, 2007 Posted June 20, 2007 Everytime I dump it, the code section seems destroyed :/Is there some sort of CRC of the file that decrypts the code section ? Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap dump after ResumeThread ,and after you patch the new process. when you dump, dump with LoadPE (dump Full) and make sure you remove the option in LordPE dump full: paste header from disk then fix the patched dump and you'll have a working file, you can use the same method used in unpacking Open Source Code Crypter 1.0 the tutorial here azmo
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now