[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[exelist] Discussion on DOS executable protection systems

To: <exelist@egroups.com>
Subject: [exelist] Discussion on DOS executable protection systems
From: "Stefan Esser" <anakin__@...>
Date: Mon, 6 Dec 1999 23:30:30 +0100
Delivered-to: listsaver-of-exelist@egroups.com
Delivered-to: listsaver-egroups-exelist@egroups.com
List-archive: <http://www.egroups.com/group/exelist/>
List-help: <http://www.egroups.com/group/exelist/info.html>, <mailto:exelist-help@egroups.com>
List-unsubscribe: <mailto:exelist-unsubscribe@egroups.com>
Mailing-list: contact exelist-owner@egroups.com
Reply-to: "Stefan Esser" <anakin@...>

Sorry Mr. Gabler,

unfourtunately I must correct you. Generic unpacking of PE files is
impossible. Programs like ProcDump are nice, but there is much more to
rebuild a PE in comparison to a DOS Executable. You need much more then the
entrypoint to defeat the protection. Just an example: all known (released
and kept private) Import Rebuilders are still not able to recreate PE's that
were Protected with PE-SHiELD -API. Of course removing of PE-SHiELD is
possible, but to make it generic on future protections is nearly impossible.
PE-SHiELD is one year old... Developing of unpackers went forward during the
time... But although i did not release anything in my mind i collected a lot
of evil ideas.... Ideas that can't be reconstructed if you dont combine the
Power of IDA, PROCDUMP, SICE and some future AI Systems....

Yours sincerelly,
ANAKiN

Prev by Date: [exelist] Discussion on DOS executable protection systems
Next by Date: [exelist] Fw: Sudden Discharge needs your help with the archives
Previous by thread: [exelist] Discussion on DOS executable protection systems
Next by thread: [exelist] Fw: Sudden Discharge needs your help with the archives
Index(es):
- Date
- Thread