pavka Posted December 7, 2007
Protected Private exe Protector 2.40
All protections enabled
Unpacme_Private_exe_Protector_2.40.rar

Apakekdah Posted December 10, 2007
it's very hard... to me

Guest divx2003 Posted December 19, 2007
Thanks!

What Posted December 21, 2007
That big section trick is one of the most annoying tricks I have seen. Not hard to beat, but you pretty much have to deal with it unless you have a computer that can handle an 820 MB dump, or whatever it would be.

pavka Posted December 21, 2007 (Author)
@What
It is not obligatory to dump all of the section

What Posted December 23, 2007
> @What
> It is not obligatory to dump all of the section
True, but my computer is not great so I have to do it because I will get some bad lag or a process burner when I load it into a debugger without doing it.

revert Posted December 23, 2007
It seems to hook some APIs as well

Possible hook found in KERNEL32.dll.FindResourceA Rva:0001DCBB
File:
    mov edi,edi
    push ebp
    mov ebp,esp
    push byte 0
    push dword [ebp+C]
    push dword [ebp+10]
    push dword [ebp+8]
    call 761ADBDD
Memory:
    jmp 306E0000
    ...

Possible hook found in KERNEL32.dll.FindResourceExA Rva:0001DBDD
File:
    push byte 20
    push dword 761ADC78
    call 761A1280
    xor edi,edi
    mov [ebp-20],edi
    mov [ebp-30],edi
    mov [ebp-2C],edi
    mov [ebp-4],edi
Memory:
    jmp 306F0000
    ...

Possible hook found in KERNEL32.dll.FindResourceExW Rva:0001C6E1
File:
    push byte 20
    push dword 761AC778
    call 761A1280
    xor edi,edi
    mov [ebp-20],edi
    mov [ebp-30],edi
    mov [ebp-2C],edi
    mov [ebp-4],edi
Memory:
    jmp 30700000
    ...

Possible hook found in KERNEL32.dll.FindResourceW Rva:0001F01E
File:
    mov edi,edi
    push ebp
    mov ebp,esp
    push byte 0
    push dword [ebp+C]
    push dword [ebp+10]
    push dword [ebp+8]
    call 761AC6E1
Memory:
    jmp 30710000
    ...

Possible hook found in KERNEL32.dll.LoadResource Rva:0001C26C
File:
    push byte 10
    push dword 761AC280
    call 761A1280
    jmp 761CB7B9
    nop
    nop
    nop
Memory:
    jmp 30720000
    ...

Possible hook found in KERNEL32.dll.SizeofResource Rva:0001E3EC
File:
    push byte 10
    push dword 761AE400
    call 761A1280
    jmp 761CB80A
    nop
    nop
    nop
Memory:
    jmp 30730000
    ...

Example:
    306E0000 pushf
    306E0001 mov [esp],eax
    306E0004 mov eax,[esp+8]
    306E000B cmp eax,400000
    306E0011 jnz 306E001E
    306E0017 pop eax
    306E0018 push dword 2DE952E8
    306E001D ret
    306E001E cmp eax,0
    306E0024 jnz 306E0031
    306E002A pop eax
    306E002B push dword 2DE952E8
    306E0030 ret
    306E0031 pop eax
    306E0032 mov edi,edi
    306E0034 push ebp
    306E0035 mov ebp,esp
    306E0037 pushf
    306E0038 mov dword [esp],761ADCC0
    306E003F ret
    ...

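Added example, not part of revert's post or of any tool named in the thread: a minimal version of the file-versus-memory comparison that produces output like the listing above, decoding where a patched prologue redirects to. The image base is inferred from the post's own addresses (761ADBDD minus Rva 0001DBDD), the byte strings are encodings constructed from the listed instructions, and the image size is an assumed value used only for the range check.

```python
import struct

def decode_redirect(code: bytes, va: int):
    """Absolute target if code starts with jmp rel32, jmp rel8 or push imm32; ret."""
    if len(code) >= 5 and code[0] == 0xE9:                       # jmp rel32
        return (va + 5 + struct.unpack_from("<i", code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 2 and code[0] == 0xEB:                       # jmp rel8
        return (va + 2 + struct.unpack_from("<b", code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:   # push imm32; ret
        return struct.unpack_from("<I", code, 1)[0]
    return None

def check_export(name, rva, file_bytes, mem_bytes, base, size):
    """Compare an export's on-disk prologue with its in-memory prologue.

    file_bytes must already have relocations applied for the load address,
    otherwise any absolute operand shows up as a false difference.
    """
    va = base + rva
    result = {"name": name, "va": va, "hooked": file_bytes != mem_bytes,
              "target": None, "outside_module": False}
    if result["hooked"]:
        target = decode_redirect(mem_bytes, va)
        result["target"] = target
        # A redirect that leaves the module's own image is the suspicious case.
        result["outside_module"] = (target is not None
                                    and not base <= target < base + size)
    return result

# Constructed sample data (see the lead-in for where each value comes from).
BASE = 0x76190000                             # inferred from the post
SIZE = 0x00100000                             # assumed image size
FILE_PROLOGUE = bytes.fromhex("8bff558bec")   # mov edi,edi / push ebp / mov ebp,esp
MEM_PROLOGUE = bytes.fromhex("e9402353ba")    # jmp 306E0000 encoded at 761ADCBB

def sample_report():
    return [
        check_export("FindResourceA", 0x1DCBB, FILE_PROLOGUE, MEM_PROLOGUE, BASE, SIZE),
        check_export("Unmodified (constructed)", 0x1000, FILE_PROLOGUE, FILE_PROLOGUE, BASE, SIZE),
    ]

if __name__ == "__main__":
    for r in sample_report():
        tgt = "-" if r["target"] is None else f"{r['target']:08X}"
        print(f"{r['name']:<26} {r['va']:08X} hooked={r['hooked']} target={tgt}")
```
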
Killboy Posted December 23, 2007
Guess that's used for the stolen resources protection.
This one's pretty annoying, found one tutorial that actually dealt with it, it was Russian though :-(

pavka Posted December 23, 2007 (Author)
@jstorme it emulates the API
Fresh tutorial in Russian. The author knows PEP best.
http://www.sendspace.com/file/lg6hxt

revert Posted December 23, 2007
Thank you pavka.
I'll run them through Systran and study them.

Apakekdah Posted December 24, 2007
> @jstorme it emulates the API
> Fresh tutorial in Russian. The author knows PEP best.
> http://www.sendspace.com/file/lg6hxt
Can you reupload it again... please...

Teddy Rogers Posted December 24, 2007
It looks like a really good paper, it would be nice if someone could translate it into English...
Comicses.7z
Ted.

pavka Posted January 15, 2008 (Author)
Packed Pep 2.50, all options enabled
Project.rar

Apakekdah Posted January 24, 2008
> Packed Pep 2.50, all options enabled
This is much harder... my Olly closes... when I try to run it

Sonny27 Posted January 24, 2008
Hm, I "studied" the new v2.55 and with HideOD and the standard Olly fixes (I think human wrote a topic about that?!) it runs fine in my Olly.
Already found the start of the OEP I think, but complete unpacking seems to be way too hard for me.
greetz