Busted Posted September 23, 2007 Posted September 23, 2007 Hey all, I am searching for an unpacker source code coded in assembly , the reason for this is I want to start coding unpackers you know teach myself. I havn't found any tutorials on coding unpacker's if you happen to come across any let me know , anyways... your help is appreciated! Tipidy
Killboy Posted September 23, 2007 Posted September 23, 2007 There was source code shipped with human's Safecast unpacker, if I remember correctly. Just search the forums There are other (mostly MASM) sources, e.g. for yoda's protector, pec2 (also one by human I think), mew, ... Couldnt find them that quickly, but I'll look for it if you cant find it yourself via google etc.
Busted Posted September 24, 2007 Author Posted September 24, 2007 Thank you Killboy and s0me0ne for anyone else interested in this subject visit: http://exetools.com/unpackers.htm most of the unpacker's here come with source code
human Posted September 24, 2007 Posted September 24, 2007 first to code unpackers you need to know how packer works, next you need to know how PE format is designed, then how IAT works.without it no luck.
metr0 Posted September 24, 2007 Posted September 24, 2007 Tipidy Check deroko's site, he has that DreamOfEveryReverser-Unpacking-Engine (huh, what a word), _really_ nice: http://deroko.phearless.org. Have fun.
zipera Posted September 29, 2007 Posted September 29, 2007 Here's the source for pecompact unpacker. nice one to start. Also attached the binary code.;prosty unpacker dla pecompact napisany przez mirz;wszystkie uwagi, bledy itp. wysylaj na e-mail:;mirz@o2.pl.386.model flat,stdcallOPTION CASEMAP:NONE;bibliotekiinclude windows.incinclude user32.incincludelib user32.libinclude kernel32.incincludelib kernel32.libinclude comdlg32.incincludelib comdlg32.libSetBreakpoint PROTO :DWORD ;procedura do stawiania breakpointSprawdzPE PROTO ;procedura do sprawdzania PESyganturaPeCompact PROTO ;procedura do sprawdzania czy jest PeCompact2.XSzukajOEP PROTOUsunBreakpoint PROTO :DWORD,:BYTE ;procedura sluzacza do usuwania breakpointaSzukajIID PROTODump PROTOZapisz PROTO.CONST.DATA ofn OPENFILENAME <> FilterString db "Pliki (*.exe)",0,"*.exe",0,0 szTitle db "[Un-PeCompact 0.1b] by mirz - Wybierz cel...",0 blad db "B│╣d",0 bladPlik db "Niemogŕ uzyskaun_pecompact_0.1b.zip
zako Posted September 29, 2007 Posted September 29, 2007 zipera said: Here's the source for pecompact unpacker. nice one to start. excellent, I do like it when it does what it says on the box cheers.
ragdog Posted October 1, 2007 Posted October 1, 2007 hi guyshere is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masmgreetsragdogUn2Pec.zip
Busted Posted October 2, 2007 Author Posted October 2, 2007 ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker . Thanks a million, now I can study and code !
CDW Posted November 13, 2007 Posted November 13, 2007 (edited) Tipidy said: ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker . Thanks a million, now I can study and code ! And if you look for "about" in Un2Pec, you will see all the sources you need: Quote ---------------------------About --------------------------- Especially thanks to: Iczelion and his PE-Tutorials (http://win32assembly.online.fr/) dzzie's 'Unterstanding IAT' (http://sandsprite.com/papers.html) and Shub Nigurrath for some hints how to use ThreadContext in the right way http://www.codebreakers-journal.com/index....Magazine/index/ and y0da (http://y0da.cjb.net/) - for the Lord PE I don't think you can learn a lot from the horrible un2pec source . Of course you see how to make BPs, restore IAT or dump, but if you aren't very familiar with PE and IAT formats you would not understood, _why_ it works. I think, the main (and hardest) point of "coding an unpacker" is to find out the "generic" way of unpacking the protection. btw. unpackers for ExeStealth(+ExeShield+Yoda'sCrypter), Yoda's Protector 1.03, MEW, SoftwareCompress Y0daUnProtector.zip UnExeStealth.zip SoftwareDeCompress.zip MEWunpacker.zip Edited November 13, 2007 by CDW
kylls Posted September 9, 2008 Posted September 9, 2008 ragdog said: hi guyshere is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masmgreetsragdogtanks !
RmK-FreE Posted March 17, 2009 Posted March 17, 2009 ragdog said: hi guyshere is a another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm greets ragdog ThX
born2download Posted July 7, 2009 Posted July 7, 2009 (edited) Was searching the net for a PECompact Unpacker. Found a few sites, but wouldn't let me register.. until i found Tuts 4 You Thanks a lot for the amazing tools. They helped me unpack an important file Great site BTW 'till later, B2D // from The Netherlands Edited July 7, 2009 by born2download
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now