Re: [exelist] (unknown)
- To: unknown one <exelist@yahoogroups.com>
- Subject: Re: [exelist] (unknown)
- From: bart <cryogen@...>
- Date: Sat, 23 Mar 2002 20:31:36 +0100
- In-reply-to: <20020321124731.25842.qmail@...>
- Organization: xtreeme
- References: <20020321124731.25842.qmail@...>
- Reply-to: bart <cryogen@...>
Hi unknown,
uo> The other program I worked on last days is Pack
uo> Master 1.0. Everything sounds very nice since I
uo> can't get any packed files to work on several OS
uo> (Win95/NT/2000). Even the disasm approach I am
uo> using doesn't help - aPLib depack routine fails
uo> decompressing the sections and the second part
uo> of the packer. If I get at least one file to work
uo> I will code the unpacker.
I saw this "Pack Master" on exetools, but it's in fact my PeX
exe-compressor, just look at the binary under a disassembler,
they put some banner-shit in the loader, but still it's PeX, even worse,
without !any! modifications, man I was so angry when I saw this
(no greets or anything), but after all I've published the src of PeX
(protools.cjb.net)

PeX doesn't work on several OS due to a buggy align
routine, buggy relocations handling and many more, so does "Pack
Master"

if you don't believe me just look at this:

        mov     edx,12345678
@decryption_key_1 equ dword ptr $-4
@decrypt_extra_data:
        mov     al,byte ptr[edi]
@decrypt_extra_engine:
        ror     al,cl
        xor     al,cl
        not     al
        xor     al,ch
        xor     al,dl
        xor     al,dh
        rol     al,cl
        add     al,cl
        add     al,ch
        not     al
        add     al,dl
        add     al,dh
        ror     al,cl
        sub     al,cl
        sub     al,ch
        not     al
        sub     al,dl
        sub     al,dh
        rol     al,cl
@decrypt_extra_engine_size equ $-@decrypt_extra_engine
        rol     edx,cl
        mov     byte ptr[edi],al
        inc     edi
        dec     ecx
        jne     @decrypt_extra_data
        _trash  0E8h
        ud2_1                           ; exception :)

this is PeX main decryption routine (oligomorphic)

.004081B0: BA9FCF426A    mov edx,06A42CF9F
.004081B5: 8A07          mov al,[edi]
.004081B7: 2AC1          sub al,cl
.004081B9: 2AC5          sub al,ch
.004081BB: F6D0          not al
.004081BD: 2AC2          sub al,dl
.004081BF: 2AC6          sub al,dh
.004081C1: D2C0          rol al,cl
.004081C3: D2C8          ror al,cl
.004081C5: 32C1          xor al,cl
.004081C7: F6D0          not al
.004081C9: 32C5          xor al,ch
.004081CB: 32C2          xor al,dl
.004081CD: 32C6          xor al,dh
.004081CF: D2C0          rol al,cl
.004081D1: 02C1          add al,cl
.004081D3: 02C5          add al,ch
.004081D5: 02C2          add al,dl
.004081D7: 02C6          add al,dh
.004081D9: D2C8          ror al,cl
.004081DB: D3C2          rol edx,cl
.004081DD: 8807          mov [edi],al
.004081DF: 47            inc edi
.004081E0: 49            dec ecx
.004081E1: 75D2          jne .0004081B5 -------- (1)
.004081E3: E801000000    call $+6 <-- trash opcode
.004081E9: 83C404        add esp,004
.004081EC: 0F0B          ud2

PS. Hey I wouldn't be surprised if you could unpack this "Pack Master"
using DeX (also available on protools), fuckin thieves, I'm going.
bart
cryogen@... | www.ctrl-d.prv.pl
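
For anyone analysing the layer statically, here is a Python model of the decryption loop in the "Pack Master" listing above. It is an added example, not code from this post or from PeX/DeX. It assumes ECX holds the byte count and EDI points at the data on loop entry, which the listing does not show; the function and table names are made up for the example.

```python
MASK32 = 0xFFFFFFFF

def rol8(v, n):
    n = (n & 0x1F) % 8              # x86 masks CL to 5 bits; an 8-bit rotate wraps mod 8
    return ((v << n) | (v >> (8 - n))) & 0xFF

def ror8(v, n):
    return rol8(v, 8 - ((n & 0x1F) % 8))

def rol32(v, n):
    n &= 0x1F
    return ((v << n) | (v >> (32 - n))) & MASK32

OPS = {
    "add": lambda a, b: (a + b) & 0xFF,
    "sub": lambda a, b: (a - b) & 0xFF,
    "xor": lambda a, b: a ^ b,
    "not": lambda a, b: a ^ 0xFF,   # operand ignored
    "rol": rol8, "ror": ror8,
}
INVERSE = {"add": "sub", "sub": "add", "xor": "xor",
           "not": "not", "rol": "ror", "ror": "rol"}

# Engine body transcribed from the listing, .004081B7 through .004081D9.
PACKMASTER_ENGINE = [
    ("sub", "cl"), ("sub", "ch"), ("not", None), ("sub", "dl"), ("sub", "dh"), ("rol", "cl"),
    ("ror", "cl"), ("xor", "cl"), ("not", None), ("xor", "ch"), ("xor", "dl"), ("xor", "dh"),
    ("rol", "cl"), ("add", "cl"), ("add", "ch"), ("add", "dl"), ("add", "dh"), ("ror", "cl"),
]

def run_loop(data, key, engine):
    """Emulate the loop: ECX counts down from len(data), EDX rotates by CL per byte."""
    out, edx, ecx = bytearray(data), key & MASK32, len(data)
    for i in range(len(out)):
        regs = {"cl": ecx & 0xFF, "ch": (ecx >> 8) & 0xFF,
                "dl": edx & 0xFF, "dh": (edx >> 8) & 0xFF, None: 0}
        al = out[i]                        # mov al,[edi]
        for op, reg in engine:
            al = OPS[op](al, regs[reg])
        out[i] = al                        # mov [edi],al / inc edi
        edx = rol32(edx, regs["cl"])       # rol edx,cl
        ecx -= 1                           # dec ecx / jne
    return bytes(out)

def inverse_engine(engine):
    """Reverse the op order and invert each op; used only to build a constructed test sample."""
    return [(INVERSE[op], reg) for op, reg in reversed(engine)]
```

Because the engine is a plain list of operations, a differently ordered variant of the routine only needs a different list; the interpreter and key schedule stay the same.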