Tuts 4 You
Busted

Unpacker

Busted

Hey all,

I am searching for an unpacker source code coded in assembly :D , the reason for this is I want to start coding unpackers ;) you know, teach myself. I haven't found any tutorials on coding unpackers :unsure: if you happen to come across any let me know :D , anyways... your help is appreciated!

Tipidy

Killboy

There was source code shipped with human's Safecast unpacker, if I remember correctly. Just search the forums :)

There are other (mostly MASM) sources, e.g. for yoda's protector, pec2 (also one by human I think), mew, ...

Couldn't find them that quickly, but I'll look for it if you can't find it yourself via google etc.

s0me0ne

ap0x Unpacker Engine SDK

human

First, to code unpackers you need to know how a packer works, next you need to know how the PE format is designed, then how the IAT works.

Without it, no luck.

metr0

Tipidy

Check deroko's site, he has that DreamOfEveryReverser-Unpacking-Engine (huh, what a word), _really_ nice: http://deroko.phearless.org.

Have fun. :D

Busted

Thank you metr0, appreciated! :D

zipera

Here's the source for pecompact unpacker. nice one to start.

Also attached the binary code.

; simple unpacker for PECompact written by mirz
; send all comments, bugs, etc. by e-mail to:
; mirz@o2.pl
.386
.model flat,stdcall
OPTION CASEMAP:NONE

; libraries
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include comdlg32.inc
includelib comdlg32.lib

SetBreakpoint PROTO :DWORD ; procedure for setting a breakpoint
SprawdzPE PROTO ; procedure for checking the PE
SyganturaPeCompact PROTO ; procedure for checking whether it is PeCompact2.X
SzukajOEP PROTO ; "szukaj" = search for
UsunBreakpoint PROTO :DWORD,:BYTE ; procedure for removing a breakpoint
SzukajIID PROTO
Dump PROTO
Zapisz PROTO ; "zapisz" = save

.CONST

.DATA
ofn OPENFILENAME <>
FilterString db "Pliki (*.exe)",0,"*.exe",0,0
szTitle db "[Un-PeCompact 0.1b] by mirz - Wybierz cel...",0
blad db "Błąd",0
bladPlik db "Niemogę uzyska

un_pecompact_0.1b.zip

zako
Here's the source for pecompact unpacker. nice one to start.

excellent, I do like it when it does what it says on the box :) cheers.

Mouradpr

excellent... thnks

ragdog

hi guys

here is another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

Un2Pec.zip

Busted

ragdog my man, this is exactly what I'm after. A straightforward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

CDW
ragdog my man, this is exactly what I'm after. A straightforward, easy to follow unpacker :D . Thanks a million, now I can study and code ;) !

And if you look for "about" in Un2Pec, you will see all the sources you need:

---------------------------

About

---------------------------

Especially thanks to:

Iczelion and his PE-Tutorials (http://win32assembly.online.fr/)

dzzie's 'Unterstanding IAT' (http://sandsprite.com/papers.html)

and Shub Nigurrath for some hints how to use ThreadContext in the right way :)

http://www.codebreakers-journal.com/index....Magazine/index/

and y0da (http://y0da.cjb.net/) - for the Lord PE

I don't think you can learn a lot from the horrible un2pec source ;) . Of course you see how to make BPs, restore IAT or dump, but if you aren't very familiar with PE and IAT formats you would not understand _why_ it works.

I think the main (and hardest) point of "coding an unpacker" is to find out the "generic" way of unpacking the protection.

btw. unpackers for

ExeStealth(+ExeShield+Yoda'sCrypter),

Yoda's Protector 1.03,

MEW,

SoftwareCompress

Y0daUnProtector.zip

UnExeStealth.zip

SoftwareDeCompress.zip

MEWunpacker.zip
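
The header walk that human's and CDW's posts treat as the prerequisite for any breakpoint, IAT or dump logic, as an added example that is not part of the thread or of any unpacker posted in it: it validates a PE32 image by offset and pulls out the entry point and the import directory. `pe_info`, `pe_parse` and `make_sample` are names made up here, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                       /* what an unpacker reads before touching the image */
    uint16_t sections;                 /* NumberOfSections */
    uint32_t entry_rva, image_base;    /* AddressOfEntryPoint, ImageBase */
    uint32_t import_rva, import_size;  /* DataDirectory[1]: import descriptors */
} pe_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }

/* Parse PE32 headers by offset; 0 on success, negative if malformed or not PE32. */
int pe_parse(const uint8_t *buf, size_t len, pe_info *out) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;      /* "MZ" */
    uint32_t nt = rd32(buf + 0x3C);                         /* e_lfanew */
    if (nt > len || len - nt < 24 || rd32(buf + nt) != 0x00004550) return -2; /* "PE\0\0" */
    uint16_t opt_size = rd16(buf + nt + 20);                /* SizeOfOptionalHeader */
    if (opt_size < 96 || len - nt - 24 < opt_size) return -3;
    const uint8_t *opt = buf + nt + 24;
    if (rd16(opt) != 0x10B) return -4;                      /* PE32 only, not PE32+ */
    out->sections   = rd16(buf + nt + 6);
    out->entry_rva  = rd32(opt + 16);
    out->image_base = rd32(opt + 28);
    out->import_rva = out->import_size = 0;                 /* stays 0 if directory 1 is absent */
    if (rd32(opt + 92) > 1 && opt_size >= 112) {            /* NumberOfRvaAndSizes */
        out->import_rva  = rd32(opt + 104);                 /* directory entry 1 */
        out->import_size = rd32(opt + 108);
    }
    return 0;
}

/* Constructed sample: header bytes only, every value made up for this example. */
void make_sample(uint8_t *b) {                              /* b must hold 0x200 bytes */
    uint8_t *nt = b + 0x80, *opt = nt + 24;
    memset(b, 0, 0x200);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;                 /* e_lfanew = 0x80 */
    memcpy(nt, "PE\0\0", 4); nt[6] = 3; nt[20] = 0xE0;      /* 3 sections, 0xE0-byte optional header */
    opt[0] = 0x0B; opt[1] = 0x01; wr32(opt + 16, 0x7000); wr32(opt + 28, 0x400000);
    wr32(opt + 92, 16); wr32(opt + 104, 0x5000); wr32(opt + 108, 0x3C);
}

int main(void) {
    uint8_t img[0x200]; pe_info pi; make_sample(img);
    if (pe_parse(img, sizeof img, &pi) != 0) return 1;
    printf("entry VA %#x, import directory at RVA %#x\n", (unsigned)(pi.image_base + pi.entry_rva), (unsigned)pi.import_rva);
    return 0;
}
```

In a packed file the entry point read here belongs to the packer's stub rather than the original program, and the import directory usually lists only the few functions the stub itself needs.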

xprj

thanks... :biggrin:

Xylitol
http://ap0x.jezgra.net/SDK.rar

kylls
hi guys

here is another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

tanks !

Hageneesjuh

ThnQ for the codes guys!!

RmK-FreE
hi guys

here is another PECompact 2.64/2.78a/2.79 (beta) Unpacker source in masm

greets

ragdog

ThX :yahoo:

born2download

Was searching the net for a PECompact Unpacker. Found a few sites, but wouldn't let me register.. until I found Tuts 4 You :wub:

Thanks a lot for the amazing tools. They helped me unpack an important file :thumbsup:

Great site BTW :worthy:

'till later,

B2D ;) // from The Netherlands
