bigboss-62 Posted March 10, 2010 (edited)

Hello friends,

I'm proud to bring you my unpacker for PEDiminisher v0.1 from Teraphy.

Why do I say "Complete decryptor"?

- PeDiminisher Unpacker (Direct approach) from DESPERATE is failing with original PED, my unpacker is working.
- Generic unpackers and PeDiminisher Unpacker (Debug approach) from DESPERATE are working with PED, but you can't remove "extra" sections from PED if "Encrypt resources" and "Exclude Icons" were checked.

By default, PED creates a ".teraphy" unpacking section in the packed file.

In case "Encrypt resources" and "Exclude Icons" were checked, PED creates an extra section named ".icon", where it duplicates icon contents from the resource to this new ".icon" section and finally corrects the RVA in the resource to this new section.

So, if you're removing the ".teraphy" and ".icon" sections, the RVA now points to unallocated contents, and it fails.

My hardest work was the resource scanner to correct the RVA in order to be able to remove these sections.

As usual, unpacker source in masm and packer are included for interested ones...

(Note: Look at the resource scanner, it's an incredible recursive proto.)

I'm actually finishing "sourcing" PED for those who are interested...

Any comments, opinions on source code, bug reports or others are welcome...

See you soon ...

Laurent aka BIGBOSS from COPs...

PEDiminisher_v0.1.zip
CPS!UnPED.zip

Edited March 10, 2010 by bigboss-62
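
The resource fix-up the post above describes, as an added Python example (not part of the original post and not the MASM source in the attachment): a recursive walk of the PE resource directory that reports data entries whose RVA falls outside the resource section, plus a helper that rewrites one such RVA. The function names, the sample layout and the RVAs 0x3000 and 0x5000 are constructed for illustration; where the icon bytes end up is left to the tool doing the rebuild.

```python
import struct

DIR_HDR = struct.Struct("<IIHHHH")   # IMAGE_RESOURCE_DIRECTORY (16 bytes)
DIR_ENT = struct.Struct("<II")       # IMAGE_RESOURCE_DIRECTORY_ENTRY: id, offset
DATA_ENT = struct.Struct("<IIII")    # IMAGE_RESOURCE_DATA_ENTRY: RVA, size, codepage, reserved
SUBDIR = 0x80000000                  # high bit set: offset names another directory

def walk(rsrc, offset=0, path=(), depth=0):
    """Yield (id_path, data_entry_offset, rva, size) for every resource leaf."""
    if depth > 8:                    # type/name/language is 3 levels; stop on loops
        raise ValueError("resource tree too deep (malformed or looping)")
    *_, named, ids = DIR_HDR.unpack_from(rsrc, offset)
    for i in range(named + ids):
        pos = offset + DIR_HDR.size + i * DIR_ENT.size
        ident, target = DIR_ENT.unpack_from(rsrc, pos)
        if target & SUBDIR:          # directory offsets are relative to .rsrc start
            yield from walk(rsrc, target & 0x7FFFFFFF, path + (ident,), depth + 1)
        else:                        # leaf: the data entry holds an RVA, not an offset
            rva, size, _, _ = DATA_ENT.unpack_from(rsrc, target)
            yield path + (ident,), target, rva, size

def leaves_outside(rsrc, rsrc_rva):
    """Leaves whose data RVA is not inside [rsrc_rva, rsrc_rva + len(rsrc))."""
    return [leaf for leaf in walk(rsrc) if not rsrc_rva <= leaf[2] < rsrc_rva + len(rsrc)]

def repoint(rsrc, entry_off, new_rva):
    """Rewrite the RVA field of one data entry in a mutable (bytearray) .rsrc image."""
    struct.pack_into("<I", rsrc, entry_off, new_rva)

def _dir(entries):                   # builds one directory with ID entries only
    return DIR_HDR.pack(0, 0, 0, 0, 0, len(entries)) + b"".join(DIR_ENT.pack(*e) for e in entries)

def sample_rsrc():
    """Constructed .rsrc: RT_ICON (3) leaf at RVA 0x5000, RT_VERSION (16) leaf inside .rsrc."""
    s = SUBDIR
    return (_dir([(3, s | 0x20), (16, s | 0x38)])
            + _dir([(1, s | 0x50)]) + _dir([(1, s | 0x68)])
            + _dir([(0x409, 0x80)]) + _dir([(0x409, 0x90)])
            + DATA_ENT.pack(0x5000, 0x128, 0, 0)   # icon data lives in another section
            + DATA_ENT.pack(0x30A0, 0x10, 0, 0)    # version data lives in .rsrc
            + bytes(0x10))

if __name__ == "__main__":
    for path, off, rva, size in leaves_outside(sample_rsrc(), rsrc_rva=0x3000):
        print(path, hex(off), hex(rva), hex(size))
```

Any leaf this reports must be repointed at data that will still exist before the section holding it is stripped.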