Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unpacker

Busted
Busted
in Programming and Coding

Featured Replies

Posted

Hey all,

I am searching for an unpacker source code coded in assembly :D , the reason for this is I want to start coding unpackers ;) you know teach myself. I havn't found any tutorials on coding unpacker's :unsure: if you happen to come across any let me know :D , anyways... your help is appreciated!

Tipidy

There was source code shipped with human's Safecast unpacker, if I remember correctly. Just search the forums :)

There are other (mostly MASM) sources, e.g. for yoda's protector, pec2 (also one by human I think), mew, ...

Couldnt find them that quickly, but I'll look for it if you cant find it yourself via google etc.

ap0x Unpacker Engine SDK

  • Author

Thank you Killboy and s0me0ne ;) for anyone else interested in this subject visit: http://exetools.com/unpackers.htm most of the unpacker's here come with source code :D

first to code unpackers you need to know how packer works, next you need to know how PE format is designed, then how IAT works.

without it no luck.

Tipidy

Check deroko's site, he has that DreamOfEveryReverser-Unpacking-Engine (huh, what a word), _really_ nice: http://deroko.phearless.org.

Have fun. :D

  • Author

Thank you metr0, appreciated! :D

Here's the source for pecompact unpacker. nice one to start.

Also attached the binary code.

;prosty unpacker dla pecompact napisany przez mirz

;wszystkie uwagi, bledy itp. wysylaj na e-mail:

;mirz@o2.pl

.386

.model flat,stdcall

OPTION CASEMAP:NONE

;biblioteki

include windows.inc

include user32.inc

includelib user32.lib

include kernel32.inc

includelib kernel32.lib

include comdlg32.inc

includelib comdlg32.lib

SetBreakpoint PROTO :DWORD ;procedura do stawiania breakpoint

SprawdzPE PROTO ;procedura do sprawdzania PE

SyganturaPeCompact PROTO ;procedura do sprawdzania czy jest PeCompact2.X

SzukajOEP PROTO

UsunBreakpoint PROTO :DWORD,:BYTE ;procedura sluzacza do usuwania breakpointa

SzukajIID PROTO

Dump PROTO

Zapisz PROTO

.CONST

.DATA

ofn OPENFILENAME <>

FilterString db "Pliki (*.exe)",0,"*.exe",0,0

szTitle db "[Un-PeCompact 0.1b] by mirz - Wybierz cel...",0

blad db "B│╣d",0

bladPlik db "Niemogŕ uzyska

un_pecompact_0.1b.zip

Here's the source for pecompact unpacker. nice one to start.

excellent, I do like it when it does what it says on the box :) cheers.

excellent... thnks

hi guys

here is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

Un2Pec.zip

  • Author

ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

  • 1 month later...
ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

And if you look for "about" in Un2Pec, you will see all the sources you need:

---------------------------

About

---------------------------

Especially thanks to:

Iczelion and his PE-Tutorials (http://win32assembly.online.fr/)

dzzie's 'Unterstanding IAT' (http://sandsprite.com/papers.html)

and Shub Nigurrath for some hints how to use ThreadContext in the right way :)

http://www.codebreakers-journal.com/index....Magazine/index/

and y0da (http://y0da.cjb.net/) - for the Lord PE

I don't think you can learn a lot from the horrible un2pec source ;) .

Of course you see how to make BPs, restore IAT or dump,

but if you aren't very familiar with PE and IAT formats you would not understood, _why_ it works.

I think, the main (and hardest) point of "coding an unpacker" is to find out the "generic" way

of unpacking the protection.

btw. unpackers for

ExeStealth(+ExeShield+Yoda'sCrypter),

Yoda's Protector 1.03,

MEW,

SoftwareCompress

Y0daUnProtector.zip

UnExeStealth.zip

SoftwareDeCompress.zip

MEWunpacker.zip

Edited by CDW

  • 4 months later...

thanks... :biggrin:

http://ap0x.jezgra.net/SDK.rar
  • 5 months later...
hi guys

here is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

tanks !

  • 4 weeks later...

ThnQ for the codes guys!!

  • 5 months later...
hi guys

here is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

ThX :yahoo:

  • 3 months later...

Was searching the net for a PECompact Unpacker. Found a few sites, but wouldn't let me register.. until i found Tuts 4 You :wub:

Thanks a lot for the amazing tools. They helped me unpack an important file :thumbsup:

Great site BTW :worthy:

'till later,

B2D ;) // from The Netherlands

Edited by born2download

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.