Teddy Rogers Posted May 22, 2007 Share Posted May 22, 2007 Private Personal Packer 1.0.2http://tuts4you.com/download.php?view.1645Ted. Link to comment Share on other sites More sharing options...
pavka Posted May 22, 2007 Share Posted May 22, 2007 It not Packer It is bad clone Daemon Crypt 100ххххх E8 AE000000 CALL <JMP.&kernel32.WriteProcessMemory> 100ххххх 8B47 34 MOV EAX,DWORD PTR DS:[EDI+34] 100ххххх 0347 28 ADD EAX,DWORD PTR DS:[EDI+28] ; <----OEP <--Dump it 100ххххх A3 04310010 MOV DWORD PTR DS:[10003104],EAX Link to comment Share on other sites More sharing options...
Killboy Posted May 22, 2007 Share Posted May 22, 2007 Everytime I dump it, the code section seems destroyed :/ Is there some sort of CRC of the file that decrypts the code section ? Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap Link to comment Share on other sites More sharing options...
pavka Posted May 22, 2007 Share Posted May 22, 2007 @KillboyIn LordPe dump Partial & Rebuild Pe : options Validate Pe, Status Window ^) Link to comment Share on other sites More sharing options...
-kNiGhT- Posted May 23, 2007 Share Posted May 23, 2007 Hy!I have unpackt it after a hard work!http://files.to/get/458925/10043/unpackt.rargreetz Link to comment Share on other sites More sharing options...
Candyman Posted May 23, 2007 Share Posted May 23, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40 Link to comment Share on other sites More sharing options...
rendari Posted May 23, 2007 Share Posted May 23, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40 Thats the ASCrypt one? Link to comment Share on other sites More sharing options...
pavka Posted May 24, 2007 Share Posted May 24, 2007 Small script var p var p1 var sz var rgn mov p1,eip mov p,eip add p,60 mov [p],#EB# add p,8E bp p run bc p mov sz,eax sto mov rgn,eax add p1,3F9 bp p1 run bc p1 dm rgn, sz, "D:\CrackTools\Protector\PPP\PPP\dump.exe" // edit fo you Msg "File Unpacked!" ret Link to comment Share on other sites More sharing options...
Candyman Posted May 24, 2007 Share Posted May 24, 2007 unpacked it successful greetz http://ultrashare.net/hosting/fl/9815c00c40 Thats the ASCrypt one? its the file that was on the link Link to comment Share on other sites More sharing options...
azmo Posted June 20, 2007 Share Posted June 20, 2007 Everytime I dump it, the code section seems destroyed :/Is there some sort of CRC of the file that decrypts the code section ? Ive found OEP and dumped after SetThreadContext, but yeh, the code section is crap dump after ResumeThread ,and after you patch the new process. when you dump, dump with LoadPE (dump Full) and make sure you remove the option in LordPE dump full: paste header from disk then fix the patched dump and you'll have a working file, you can use the same method used in unpacking Open Source Code Crypter 1.0 the tutorial here azmo Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now