Posted February 12, 201015 yr Just experimenting.As the title suggests, successfully dump and rebuild the file.Difficulty: ?packed.rar
February 12, 201015 yr Author Thanks. And,Difficulty: ?Only experimenting like I said, just wondering whether its worth totally re-basing the image if relocs are present.
February 13, 201015 yr The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply]
February 13, 201015 yr Difficulty: ? <-- No not really.So you know I can just give you my opinion.-no IAT redirection-no AntiDump / dump protection feature-no manipulation detection / CRC / PEYou should also insert more [self] and debug checks.So keep going maybe you next one will be harder.greetz
February 13, 201015 yr also you should pack bigger file if you are developing your own protector so we can fully test it. As for protection you should do what lcf said, plus: 1) try to hide the jmp to oep 2) add some primitive obfuscation (by using jumps) 3) dont make the code too linear: use calls inside calls to hide what your packer does. It's stupid but effective regarding antidebugs try to develop your own way to detect debuggers: altough they are more or less all known, try to make some little tricks (plugin detection, hook of patches made by plugins detection etc) last week i found a paper from blackhat explaining malware protection but i cant find it anymore. was nice for some inspiration
Create an account or sign in to comment