Jump to content
Tuts 4 You

Unpacker


Busted

Recommended Posts

Hey all,

I am searching for an unpacker source code coded in assembly :D , the reason for this is I want to start coding unpackers ;) you know teach myself. I havn't found any tutorials on coding unpacker's :unsure: if you happen to come across any let me know :D , anyways... your help is appreciated!

Tipidy

Link to comment

There was source code shipped with human's Safecast unpacker, if I remember correctly. Just search the forums :)

There are other (mostly MASM) sources, e.g. for yoda's protector, pec2 (also one by human I think), mew, ...

Couldnt find them that quickly, but I'll look for it if you cant find it yourself via google etc.

Link to comment

Here's the source for pecompact unpacker. nice one to start.

Also attached the binary code.

;prosty unpacker dla pecompact napisany przez mirz

;wszystkie uwagi, bledy itp. wysylaj na e-mail:

;mirz@o2.pl

.386

.model flat,stdcall

OPTION CASEMAP:NONE

;biblioteki

include windows.inc

include user32.inc

includelib user32.lib

include kernel32.inc

includelib kernel32.lib

include comdlg32.inc

includelib comdlg32.lib

SetBreakpoint PROTO :DWORD ;procedura do stawiania breakpoint

SprawdzPE PROTO ;procedura do sprawdzania PE

SyganturaPeCompact PROTO ;procedura do sprawdzania czy jest PeCompact2.X

SzukajOEP PROTO

UsunBreakpoint PROTO :DWORD,:BYTE ;procedura sluzacza do usuwania breakpointa

SzukajIID PROTO

Dump PROTO

Zapisz PROTO

.CONST

.DATA

ofn OPENFILENAME <>

FilterString db "Pliki (*.exe)",0,"*.exe",0,0

szTitle db "[Un-PeCompact 0.1b] by mirz - Wybierz cel...",0

blad db "B│╣d",0

bladPlik db "Niemogŕ uzyska

un_pecompact_0.1b.zip

Link to comment

ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

Link to comment
  • 1 month later...
ragdog my man, this is exactly what I'm after. A straight forward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

And if you look for "about" in Un2Pec, you will see all the sources you need:

---------------------------

About

---------------------------

Especially thanks to:

Iczelion and his PE-Tutorials (http://win32assembly.online.fr/)

dzzie's 'Unterstanding IAT' (http://sandsprite.com/papers.html)

and Shub Nigurrath for some hints how to use ThreadContext in the right way :)

http://www.codebreakers-journal.com/index....Magazine/index/

and y0da (http://y0da.cjb.net/) - for the Lord PE

I don't think you can learn a lot from the horrible un2pec source ;) .

Of course you see how to make BPs, restore IAT or dump,

but if you aren't very familiar with PE and IAT formats you would not understood, _why_ it works.

I think, the main (and hardest) point of "coding an unpacker" is to find out the "generic" way

of unpacking the protection.

btw. unpackers for

ExeStealth(+ExeShield+Yoda'sCrypter),

Yoda's Protector 1.03,

MEW,

SoftwareCompress

Y0daUnProtector.zip

UnExeStealth.zip

SoftwareDeCompress.zip

MEWunpacker.zip

Edited by CDW
Link to comment
  • 4 months later...
  • 5 months later...
  • 4 weeks later...
  • 5 months later...
  • 3 months later...
born2download

Was searching the net for a PECompact Unpacker. Found a few sites, but wouldn't let me register.. until i found Tuts 4 You :wub:

Thanks a lot for the amazing tools. They helped me unpack an important file :thumbsup:

Great site BTW :worthy:

'till later,

B2D ;) // from The Netherlands

Edited by born2download
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...