Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: need some targets to test the iat rebuilder

  1. #1
    tsehp
    Guest

    need some targets to test the iat rebuilder

    hi,
    it's actually almost finished, and able to reconstruct all iat entries, encrypted or not for :
    -asprotect (all versions)
    -vbox 4.3 (encrypted iat's)
    So I need new targets, thanks to give me links for other packed apps
    with iat's to rebuild, with other protection schemes than the above,
    this will allow the tool to work on all the iat related protection schemes.
    regards,

    +Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    DinDon
    Guest
    Waiting for your masterpiece (sources would be great too...)

    Regarding the links, have a look at xoptimus thread
    (target at http://www.hms.com/apps/issetup.exe)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    zeduser
    Guest
    How about Advanced Direct Remailer 2.0 from Elconsoft? CASPR 0952 won't unpack it. CASPR worked on ADR 1.62 with no problem.

    http://www.elcomsoft.com/ADR/adr.zip
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    noname
    Guest
    Hi Tsehp,
    Tag&rename
    url http://www.softpointer.com

    regards
    noname
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    tsehp
    Guest
    Thanks guys,
    I will then finish testing my tool with those three targets, but before
    releasing it, I want el-caracol and the owl to finish to test the beta 1,
    then you can believe that I'll release this freely on the main server.
    I will only give parts of the source to help people that wants to do the same, and actually working on such related schemes. The idea this time is to gather some people on this project, but the info will be available for everyone who asks.
    Be patient, it's coming soon. Thanks again for all the great people that helped me on this messageboard, with special words to :
    -The owl (unbelievable knowledge on this)
    -El caracol, French cracker and funniest essays I've ever read.
    -Arthaxerxes, idem and working on things that nobody did before.
    and all of you, still giving this place such a good spirit of knowledge exchange.

    Time to go back to work, just to finish before Christmas.

    best regards,

    +Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Adobe LiveMotion http://www.adobe.com vbox 4.3
    NetObjectsFusion v5.0 http://www.netobjects.com vbox 4.3 but somehow different

  7. #7
    tsehp
    Guest
    thanks again !
    I'm sorry but the beta of my app will be delayed again
    Why ? because a badly needed api that I used on win nt is not implemented at all on win98, so I'm working hard to emulate it, have no choice. If someone knows its CreateRemoteThread .
    later,

    +Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    tsehp
    Guest
    zeduser (12-20-2000 22:08):
    How about Advanced Direct Remailer 2.0 from Elconsoft? CASPR 0952 won't unpack it. CASPR worked on ADR 1.62 with no problem.

    http://www.elcomsoft.com/ADR/adr.zip
    It was resolved, see the attachment. I have to port it to win9x and
    will release it pretty soon.
    regards,

    +Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    tsehp
    Guest
    LaptoniC (12-22-2000 21:20):
    Adobe LiveMotion http://www.adobe.com vbox 4.3
    NetObjectsFusion v5.0 http://www.netobjects.com vbox 4.3 but somehow different
    Just tried netfusion, quite a big one but resolved also, see the attachment.
    regards,

    Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    tsehp
    Guest
    LaptoniC (12-22-2000 21:20):
    Adobe LiveMotion http://www.adobe.com vbox 4.3
    NetObjectsFusion v5.0 http://www.netobjects.com vbox 4.3 but somehow different
    Just tried netfusion, quite a big one but resolved also, see the attachment.
    regards,

    Tsehp
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    K-BOY
    Guest
    This piece is a little bit weird to me
    http://www.addon-factory.com/download/cheet!_v1.12.zip
    can it be tested ?
    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    Just tried netfusion, quite a big one but resolved also, see the attachment.
    regards,
    Tsehp
    There is some question marks are they ok ?.Also netobjects fusion decryps imports when it needs then destroy again. I have tried to unapck it but when it starts it calls another dll import which is destroyed and crashes.How I can use your tool to rebuild import a little tutorial can help me so much.Thanks.

  13. #13
    tsehp
    Guest
    K-BOY (01-10-2001 10:07):
    This piece is a little bit weird to me
    http://www.addon-factory.com/download/cheet!_v1.12.zip
    can it be tested ?
    Thanks
    write me to get the beta !
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    tsehp
    Guest
    LaptoniC (01-10-2001 10:24):
    Just tried netfusion, quite a big one but resolved also, see the attachment.
    regards,
    Tsehp
    There is some question marks are they ok ?.Also netobjects fusion decryps imports when it needs then destroy again. I have tried to unapck it but when it starts it calls another dll import which is destroyed and crashes.How I can use your tool to rebuild import a little tutorial can help me so much.Thanks.
    revirgin just impersonates the app itself when using iat entries, so they are decrypted and resolved by the tracer, you can only use the program itself while residing in mem, build the files and copy them into the dumped app. ask for the beta, everything is explained into the readme
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    St Thomas
    Guest
    Hello,

    The "Chameleon Clock v2.51" seems to be protected by AsProtect. If you want to try your program on this target, here is the URL :

    www.softshape.com/cham

    Thanks in advance for your work
    St Thomas

    PS:
    Is it possible to download your program. If yes, where ? - thank you
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. PE Section Adder and rebuilder
    By yekhni in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: September 19th, 2013, 07:07
  2. Where to get the targets???
    By ullusingh in forum The Newbie Forum
    Replies: 4
    Last Post: March 24th, 2004, 04:27
  3. Revirgin (iat rebuilder) final available.
    By tsehp in forum Advanced Reversing and Programming
    Replies: 19
    Last Post: February 10th, 2001, 09:59
  4. Adding some tracing features to a c++ program (iat rebuilder)
    By tsehp in forum Advanced Reversing and Programming
    Replies: 10
    Last Post: November 29th, 2000, 16:49
  5. A simple question concerning an iat rebuilder
    By tsehp in forum Advanced Reversing and Programming
    Replies: 10
    Last Post: November 9th, 2000, 14:04

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •