Jump to content
Tuts 4 You

unpacker stubs?

high6

By high6
in Programming and Coding

Recommended Posts

high6

high6

Posted
Posted

I was wondering how do packer makers make stubs? Do they program a unpack stub in say C++ then get the bytecodes and have the unpacker use the bytecodes as a base stub?

Killboy

Killboy

Posted
Posted (edited)

I'm not that sure what you're referring to, packers or unpackers :?

If youre talking about packers, you can basically go three ways:

- code the stub with asm and use offset independent code, this is hardly possible with any high level language (most smaller packers, FSG, RLPack, etc.)

- code a virtual dll that you load into memory, most stuff is done in there (ASPro, Arma)

- code a stub dll and put it into a new section, the reloc table is used for relocating offsets to the new RVA (ie all offsets increased by NewSectionRVA)

Edited by Killboy
high6

high6

Posted
  • Author
Posted
I'm not that sure what you're referring to, packers or unpackers :?

If youre talking about packers, you can basically go three ways:

- code the stub with asm and use offset independent code, this is hardly possible with any high level language (most smaller packers, FSG, RLPack, etc.)

- code a virtual dll that you load into memory, most stuff is done in there (ASPro, Arma)

- code a stub dll and put it into a new section, the reloc table is used for relocating offsets to the new RVA (ie all offsets increased by NewSectionRVA)

Okay thanks, thats what I was talking about.

Which is the most common?

human

human

Posted
Posted

maybe just google so then you will know!

for example coding own packer

or down upx sources, its all there.

metr0

metr0

Posted
Posted

I'd say the last method's the easiest for writing the stub, but needs a bit more coding concerning the builder (just fixing relocations). I myself use the first method (in Assembler), I also did an approach with C/C++ for the stub, but there are more restrictions for labels, thus it's easier to do it in asm. ;)

The second method needs some (lowlevel) stub which loads the dll, following the material on the net (Bauch, Shub, ...), this should be also not too hard to implement.

high6

high6

Posted
  • Author
Posted

Well I plan on coding an unpack stub in VC++6. Anyone know the macro to make all calls inside a function inline?

metr0

metr0

Posted
Posted

Yep, it's __forceinline (inline let's the compiler decide whether to inline it or not). Apply it like this:

long __forceinline GimmeSomeKernelBase();

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...