Nooby, posted November 20, 2008 (edited November 20, 2008 by Nooby):

Not so much for protecting, I made it just to prove the point that protection can be done in many different ways :/ The goal is to make a script.

Attachment: Detemida_np.rar

blaCke, posted November 20, 2008:

Won't run on my PC (sudden reboot each time started!!!)

zer0patches, posted November 21, 2008:

Runs fine on Vista32.

quosego, posted November 21, 2008 (edited November 21, 2008 by quosego):

The question is what is considered an unpack.. make it do the imports normally or just a decrypted code section.. I mean you could make an imports table and resolve all API calls but that isn't really necessary it seems.

Very nice one though, you got me somewhat confused at some point.

Regards, q.

Small script:

    var base
    var base1
    var write

    LCLR
    esto                        // EP or systembreakpoint
    GMI eip, MODULEBASE         // base address of the module containing eip
    log $RESULT, "Modulebase: "
    mov base, $RESULT
    mov base1, $RESULT
    add base, 3c                // address of e_lfanew
    add base, [base]
    sub base, 3c                // base now points at the PE header
    add base, 100               // PE header + 0x100: VirtualSize of the first section
    add base1, 1000             // module base + 0x1000, taken as the code section
    log base1, "Code Section: "
    bpwm base1, [base]          // memory breakpoint on write over the code section
    esto
    bpmc                        // clear the memory breakpoint
    mov write, eip
    add write, 14
    bp write                    // breakpoint 0x14 bytes past the writing instruction
    esto
    bc eip
    bprm base1, [base]          // memory breakpoint on read over the code section
    esto
    DPE "dump.exe", eip         // dump the process with eip as the entry point
    msg "Program dumped and unpacked. Check dump.exe"
    ret

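The fixed offsets in the script above (PE header + 0x100 for the section size, module base + 0x1000 for the code section) only hold when the optional header is the usual 0xE0 bytes and the first section starts at RVA 0x1000. This Python sketch is an added example, not part of any post in the thread: it reads the same two values from the header fields and compares them with the fixed offsets. The function names and the header-only images it builds are constructed for illustration.

```python
import struct

def first_section(image: bytes):
    """Return (VirtualAddress, VirtualSize) of the first section from the header fields."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER starts 4 bytes after the signature.
    (num_sections,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    if num_sections == 0:
        raise ValueError("image has no sections")
    sec = e_lfanew + 24 + opt_size          # first IMAGE_SECTION_HEADER
    virtual_size, virtual_address = struct.unpack_from("<II", image, sec + 8)
    return virtual_address, virtual_size

def script_guess(image: bytes):
    """What the script's fixed offsets yield: RVA 0x1000 and the dword at PE + 0x100."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    (size,) = struct.unpack_from("<I", image, e_lfanew + 0x100)
    return 0x1000, size

def build_headers(opt_size, va, vsize, e_lfanew=0x80):
    """Constructed header-only image for the demo (not a loadable executable)."""
    img = bytearray(e_lfanew + 24 + opt_size + 40)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", img, e_lfanew + 6, 1)          # NumberOfSections
    struct.pack_into("<H", img, e_lfanew + 20, opt_size)  # SizeOfOptionalHeader
    sec = e_lfanew + 24 + opt_size
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<II", img, sec + 8, vsize, va)      # VirtualSize, VirtualAddress
    return bytes(img)

if __name__ == "__main__":
    typical = build_headers(0xE0, 0x1000, 0x3000)  # layout the script assumes
    odd = build_headers(0xF0, 0x2000, 0x3000)      # constructed non-default layout
    for name, img in (("typical", typical), ("odd", odd)):
        print(name, first_section(img), script_guess(img))
```
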
Nooby (author), posted November 21, 2008:

Anything to do with stolen codes?

Nevyn, posted November 22, 2008:

> The question is what is considered an unpack.. make it do the imports normally or just a decrypted code section.. I mean you could make an imports table and resolve all API calls but that isn't really necessary it seems.
>
> Very nice one though, you got me somewhat confused at some point.
>
> Regards, q.

Well the API pointers are still wrong, even though as you say, code section is decrypted. You can't remove the Nooby section until that's fixed. So I'd declare it unpacked once it's removed.