Posted December 27, 2007
Packed by [Mine noname packer] Build Today, 02:13:02 GMT +2.
Packed file: Resource Hacker (If I weren't so lazy, I would make a program which shows only a MSG Box).
ResHacker.rar
P.S. I would like to hear ideas on how to make it more powerful.
P.P.S. On VirusTotal, 6 of 32 AVs say that it is something bad. http://www.virustotal.com/resultado.html?6...712aab04844f987
Edited December 27, 2007 by 4e4en
December 27, 2007
Dunno if it's just my crappy PC or me or actually intended to be like this, but I haven't been able to dump it properly.
Dumping with Ollydump makes it crash when you open the About window, LordPE+ImpRec doesn't work either, crashes at startup.
If I'm not mistaken, it has something to do with the resources or smth, not really sure tho...
Very embarrassing indeed, didn't take a deeper look into it, might do it later this evening...
Finding OEP is pretty easy, you should consider using no exceptions, at least not if it's the only one. Finding the only INT3 is a lot easier than finding the last INT3 of hundreds, however if you use some sort of jump eax or push eax+retn it'll be less easy to find the OEP.
Some decent antidebug in there, but nothing serious, works flawlessly in an Olly with basic antidebug measures...
December 27, 2007 (Author)
But no resources is nice, isn't it so? Now I am rewriting some parts of it, now I am implementing self-modifying code (like rewriting some parts of it with int 3). Now I am learning ASM, and I have an idea to write a self-decrypting decryptor (ok, something like that).
Edited December 27, 2007 by 4e4en
December 28, 2007 (Author)
Which OS? Did you try to run it without debuggers? What AV/FW do you have?
Tested & Working on Legal WinXP + SP2 + All Updates
Edited December 28, 2007 by 4e4en
December 28, 2007
Works fine on English XP SP1 too. Don't know what you mean by "But no resources is nice, isn't it so?"
December 29, 2007
Script unpack no Imprec
Olly + Fantom
----------
var pnd
var oep
var iat_st
var iat_cp
var iat_al
var sz
var end_cp
var i_st
var ith
var imbase
var itwr
var iat_end

mov oep,4aba30
mov imbase,400000
mov i_st,4af00c
mov iat_al,330004
mov iat_end,4af188
mov pnd,4dd3eb

// hardware breakpoint on execution at pnd, run to it, then clear it
bphws pnd,"x"
erun
bphwc pnd

mov [iat_al],00
add iat_al,4

// outer loop: one pass per 0x14-byte entry between i_st and iat_end
loopdl:
cmp i_st,iat_end
ja fin
mov ith,[i_st+4]
add ith,400000
mov iat_cp,[i_st]
add iat_cp,400000
cmp end_cp,331A95
ja fin
// copy the zero-terminated string at iat_al to iat_cp
find iat_al,#00#
mov end_cp,$RESULT
sub end_cp,iat_al
MEMCPY iat_cp,iat_al,end_cp
add iat_al,end_cp+1
add i_st,14

// inner loop: walk the dword list at ith until a zero entry
loopfn:
cmp [ith],0
je nexdll
mov iat_cp,[ith]
add iat_cp,400002
find iat_al,#00#
mov end_cp,$RESULT
sub end_cp,iat_al
MEMCPY iat_cp,iat_al,end_cp
add iat_al,end_cp+1
add ith,4
cmp end_cp,331Aa1
ja fin
jmp loopfn

// set EIP to the OEP, patch three header dwords, dump the process
fin:
mov eip,oep
mov [400180],AF000
mov [400188],BE000
mov [40018c],83800
dpe "unpacked.exe",eip
msg "File Unpacked Try run "
ret

nexdll:
add iat_al,8
jmp loopdl
December 29, 2007
Smart arse, nah, I was just too lazy. Out of curiosity, what was it preventing it running on your OS before?
December 29, 2007
On my system it is not started, and has not understood why! Started on pure XP SP1