Angel-55 Posted May 31, 2007 Posted May 31, 2007 (edited) PiONEER removed the missing API's that the program looks for it's addresses that makes the file run without problems lol nice one bro'.......... Killboy i donno how the f**k you got the section names back but cool work bro' and thanks for testing UFO-Pu55y !! i donno what happened but suddenly ImportREC worked another way is attached here no changes at all !! Cheers To All Another_Way.rar Edited May 31, 2007 by Angel-55
Whiterat Posted May 31, 2007 Posted May 31, 2007 (edited) Ah comeon guys, these things are always about finess and beauty. Similar to the "Who can build the smallest PE file" (yeh got carried away a bit...lol) Got it down to 3.22kb, could probably get it down to 2 ish, but that would be a bit overkill, im fairly sure this wont work on win2k, and if I got it down to 2kb I can guarentee it wont work on win2k. EDIT: You dont need to strip API's, or alter the code section at all once dumped, repositioning findwindow and isdebugger beforehand would be wise though so as not to confuse imprec Killboy: Yep, Nicest work so far For the sake of tidyness, you could wipe rdata and also imports can be located in a pre-existing section to save space. Whiterat.rar Edited May 31, 2007 by Whiterat
Angel-55 Posted June 1, 2007 Posted June 1, 2007 Whiterat, cool tips lol i never shrink small sized files i strip packers protections sections only not such ones as in here the packer remaned them and it's cool to return everything the way it was before but after it works i don't think there is any need to waste my time with this work unless i'am bored but the challenge is easy 4 sec to unpack it fully not much of work but it's cool he packed the damn file many with same packer and that sucks even though there are other packers used too thats what made SC dump on stages not easy though but there is a way to get OEP in 5 sec it's easy............ still it's really impressive from you guys to shrink the file's size that much it f**ken great............!! you are right i should have handled them before lol but WTH i got them with ImportREC's filter and add them slowly to the file that made it run "secodn solution" as for my first way it's funny for injecting code i used GetProcAddress & LoadLibraryA to get handles of DLL and address of API easy though nothing much special with it it's easy to accomplish Cheers To All
Mouradpr Posted June 5, 2007 Author Posted June 5, 2007 this a tut for unpack this Challenge.... Challenge_2007____tut.rar
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now