PDA

View Full Version : unknown crypter/packer


Rip
February 1st, 2002, 12:24
hi,

recently, i've tried to crack a proggy called PrintPoint 4.5 (h**p://w*w.printpoint.com/demo/downloads/PrintPoint_4.5_Setup.exe). This piece of software is protected only by a sn, very strange for a 4000 usd appz. My problem is that this program is packed with an unknown packer (no file analyzer was able to give me an info regarding the packer/crypter used). Among other usual things, the PE header contain a section called "WINTH_TE". I've tried also manual unpacking, but since i've no access to a Win9x system, the options are limited. Any ideea of the packer/crypter used? Maybe someone else saw this "WINTH_TE" section in other programs.

thx a lot

Rip

me8
February 1st, 2002, 14:03
guessing it could be telock, but am sure 90% that's not...

DakienDX
February 1st, 2002, 14:12
Hello Rip !

The reason why no file analyzer can tell you which packer is used is that NO packer is used. I just checked the main .EXE and looked at a normal Win32-PE file with no special protection in it. The section "WINTH_TE" is a normal section containing code too. The OEP is located in the ".code" section and has also no special meaning.

It is usual that some programs have more than one code segment. Sometimes you have "AUTO"/"CODE", sometimes ".code"/".code1", so why not ".code"/"WINTH_TE"? I don't know the reason why, but it may be that the program's authors link some compiler incompatible code with the program.

Rip
February 2nd, 2002, 15:54
DakienDX,

thx for your very kind research :-)

Can i contact you by e-mail? I've some other few things to clarify regarding this software. Hope u can light my mind.

DakienDX
February 2nd, 2002, 16:01
Hello Rip !

Why do you want to contact me by E-Mail?
Do you think I'm the only one here who can help you?
Do you think nobody is interested in the target?

You can explain any problems you have here.
So, where are you stuck?