Thread: Xenocode unpack

  1. #1
    squalito
    Guest

    Xenocode unpack

    Hello,

    I'm looking for some information about Xenocode: how it works, what solutions exist to unpack it, etc.

    In fact, what I've found is that Xenocode packs the exe and the dll. Then at runtime it unpacks them in memory (surely along with the virtual machine).

    I've been able to unpack the exe and the dll, but I think I've done this in a bad way (I looked for MZ in the memory map).

    Also the obfuscation is well done, and I had a lot of problems finding my way.
    Finally I was able to create a keygen, but once again I did this in a long and bad way.

    So do you have some information on how we could unpack Xenocode?

    PS: The LibX tool doesn't work with the latest Xenocode version, and I don't want to use an unpacker but rather find a good/general way to unpack Xenocode.

    The idea behind this is to rip Xenocode functions, and maybe create an unpacker.

    So any information that could put me on the right track is welcome.

    Thanks in advance
    I promise that I have read the FAQ and tried to use the Search to answer my question.
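The post above calls searching the memory map for "MZ" a bad way to locate unpacked images. As an added example (not part of the original thread), this is how a malware analyst would tighten that search when triaging a memory dump of a packed sample: each "MZ" hit is accepted only if its `e_lfanew` field leads to a valid PE signature and optional-header magic. The dump bytes and the helper names are constructed for the demo.

```python
import struct

PE_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}

def parse_pe_header(dump, pos):
    """Validate an 'MZ' hit; return (machine, n_sections, is_dll) or None."""
    if pos + 0x40 > len(dump):                      # DOS header is 0x40 bytes
        return None
    (e_lfanew,) = struct.unpack_from("<I", dump, pos + 0x3C)
    pe = pos + e_lfanew
    if not 0x40 <= e_lfanew <= 0x1000 or pe + 26 > len(dump):
        return None                                 # implausible or out of range
    if dump[pe:pe + 4] != b"PE\x00\x00":
        return None
    machine, n_sections, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", dump, pe + 4)                   # IMAGE_FILE_HEADER
    (magic,) = struct.unpack_from("<H", dump, pe + 24)
    if magic not in PE_MAGICS or not 0 < n_sections <= 96 or opt_size == 0:
        return None
    return machine, n_sections, bool(chars & 0x2000)  # 0x2000 = IMAGE_FILE_DLL

def find_pe_images(dump):
    """Return (offset, machine, n_sections, is_dll) for every validated header."""
    hits, pos = [], dump.find(b"MZ")
    while pos != -1:
        header = parse_pe_header(dump, pos)
        if header:
            hits.append((pos, *header))
        pos = dump.find(b"MZ", pos + 1)
    return hits

def make_header(machine, n_sections, chars, magic):
    """Constructed minimal DOS + PE header (no section data), demo input only."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40)
    coff = struct.pack("<HHIIIHH", machine, n_sections, 0, 0, 0, 0xE0, chars)
    return dos + b"PE\x00\x00" + coff + struct.pack("<H", magic)

def sample_dump():
    """Constructed 8 KiB 'dump': one false 'MZ' string, one EXE, one DLL header."""
    dump = bytearray(0x2000)
    for off, blob in ((0x100, b"MZ in some text"),
                      (0x400, make_header(0x14C, 3, 0x0102, 0x10B)),
                      (0x1000, make_header(0x8664, 5, 0x2022, 0x20B))):
        dump[off:off + len(blob)] = blob
    return bytes(dump)

if __name__ == "__main__":
    for off, machine, n_sec, is_dll in find_pe_images(sample_dump()):
        print(f"0x{off:06x} machine=0x{machine:04x} sections={n_sec} dll={is_dll}")
```

The bare "MZ" string at 0x100 is rejected, which is the false-positive case a plain signature search cannot distinguish.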

  2. #2
    The FIRST thing you should have done, because you haven't said that you have already done so, is actually READ the FAQ!

    It will tell you that we expect new posters on these Forums to do certain things BEFORE they post here and that they actually tell us "what they have done" to attempt to solve THEIR problem, BEFORE they ask for help.

    That's WHY the BIG RED LETTERS are at the top of all the Forums.

    What you appear to have failed to do, besides actually READ the FAQ, is to do some searching, here and on the net, for the possible answers to YOUR question and then tell US what you have actually done to try to actually help yourself.

    For example, did you put some rather "obvious" search criteria in YOUR favorite search engine and read what you found?? If you did, how would we know that you have done so, or what you may have actually done to try to solve "your" problem??

    Using: xenocode unpacking

    I got 491 hits.

    Using: xenocode keygenning

    I got 87 hits.

    Have YOU read any of these??? If you have not, go do that first. If you have, how would we know that you have searched for information on your own???

    Regards,
    JMI

  3. #3
    squalito
    Guest
    Hello,

    I've read the FAQ and I always read the post-it before posting. I have also done a search on this forum, and as on all the others (in general) there are only tools like the LibX one (Xenocode Solutions).

    I've also searched on the net about Xenocode unpacking and found a good tut made by rongchaua.
    In fact, if you "google" Xenocode unpack you won't find that much information. Of course there are the LibX tools and, as I said, the rongchaua tut.

    I just think the rongchaua tut is not a generic solution for Xenocode.

    What I'm looking for is to know whether some of you have already "played" with Xenocode, and if so, which APIs it uses.
    What I found myself is that Xenocode hooks these ntdll APIs: ZwCreateFile, ZwMapViewOfSection, ZwCreateKey

    I used the rongchaua tut to unpack this Xenocode, but I think the best would be to:
    1- Rip the crypt/decompress routines of Xenocode and create a little tool
    or
    2- Hook the APIs ZwReadFile and ZwMapViewOfSection to find the protected mapped files and be able to dump them

    So here are my ideas. The question is, has somebody already tried this? Do you think I am on the right track?

    I don't want to hurt anybody, and if my questions don't belong here, do not hesitate to delete this post, and please excuse me for this.

    Thanks in advance
    sQuaLito
    Last edited by squalito; June 30th, 2008 at 05:57.

  4. #4
    You are not "hurting" anyone with your post, but your second post contains the kind of information which you should have included in your first post and then you would not have heard from me about following the directions of the FAQ.

    Regards,
    JMI

  5. #5
    squalito
    Guest
    Originally posted by JMI:
    You are not "hurting" anyone with your post, but your second post contains the kind of information which you should have included in your first post and then you would not have heard from me about following the directions of the FAQ.

    Regards,
    No problems, and I promise that next time I'll explain everything from the first post.

  6. #6
    And welcome aboard the Forums.

    Regards,
    JMI
