Jump to content
Tuts 4 You

[unpackme] Keris :d

B_S

By B_S
in UnPackMe

 Share

Recommended Posts

B_S

B_S

Posted
Posted

This is my first unpackme.. :D

The exe protected with KERIS protector....

Maybe is very easy ... :P

UnPackMe_1.rar

Teddy Rogers

Teddy Rogers

Posted
Posted

It crashes when I try to execute it :dunno: However at a quick glance it looks like the main part of the file is a crypted overlay with a loader to decrypt it - am I correct?

Is Keris a new team packer/protector, I have never heard of it before, where to get it?

Ted.

Ufo-Pu55y

Ufo-Pu55y

Posted
Posted

Hm... just tried it. I had a BSOD... :|

Loki

Loki

Posted
Posted

Crashes for me too but not looked into it.

pavka's unpacked one works fine though. The skin is indeed nice - the work of JetCodE! from ICU.

Ufo-Pu55y

Ufo-Pu55y

Posted
Posted

After another try and a 2nd BSOD -

but, yes, pavka's unpacked one works fine...

pavka

pavka

Posted
Posted

Smal script

1 Layer

//////////////////////////////////////////////

var rgn

var sz

GPA "VirtualAlloc","kernel32.dll"

bp $RESULT

run

BC eip

rtu

rtr

sti

FIND eip,#6681384D5A#

bp $RESULT

run

bc eip

mov rgn,eax

find rgn,#5045#

mov sz,$RESULT

add sz,50

mov sz,[sz]

eval " damp partial in LordPe select IntelDump address:{rgn} , size:{sz}"

msg $RESULT

ret

////////////////////////////////////////////////

2 Layer

////////////////////////////////////////////////

var rgn

var sz

GPA "VirtualAlloc","kernel32.dll"

bp $RESULT

run

BC eip

rtu

FIND eip,#F3A4#

bp $RESULT

run

bc eip

mov rgn,esi

find rgn,#5045#

mov sz,$RESULT

add sz,50

mov sz,[sz]

dm rgn, sz, "dump.exe"

Msg "File Unpacked!"

ret

zako

zako

Posted
Posted

Seems the only requirement is run it in a debugger, crashes for me if not. When the parent process terminates dump the second process with lordpe and thats it, no fixing at all needed.

Guest nick_name

Guest nick_name

Posted
Posted (edited)

it used to run on my computer ... bt from last night it's crashing and this error message pops up: Runtime error 216 at FFF000F0

tmpiz7.jpg
Edited by nick_name
B_S

B_S

Posted
  • Author
Posted

@Teddy Rogers

KERIS is handmade by Indonesian Reverser and still evaluation so not for public right now :D

@pavka

Great job man :D

B_S

B_S

Posted
  • Author
Posted (edited)

@zako

This unpackme just protected with mophine :D

with just dump the unpackme, without repairing it will be done :D

try the second unpackme :D

Edited by B_S

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...