
Thread: PackerBreaker - Yet another universal unpacker tool

  1. #1

    PackerBreaker - Yet another universal unpacker tool

    PackerBreaker is yet another universal unpacker tool to help you to unpack, decompress and decrypt most of the programs packed, compressed or encrypted with the very well-known software protection programs like UPX, ASPack, FSG, ACProtect, etc.
    PackerBreaker uses advanced emulation technology to unpack packed programs.

    PackerBreaker could support following packers:
    UPX
    NSPACK
    eXpressor
    FSG
    telock
    ReCrypt
    Orien
    Aspack
    telock
    ReCrypt
    AcProtect
    MEW
    Molebox
    mpress
    EXE STEALTH
    VPacker
    yoda’s cryptor 1.2
    WinUpack 0.39 final
    PECompact
    PETITE 2.2
    Morphnah Beta

    PackerBreaker also includes a PE signature detector based on the PEiD Signatures Database.

    PackerBreaker could be downloaded from http://www.sysreveal.com/category/packerbreaker/

  2. #2
    SHDE result(tracer").

    SHDE_log_crap_drv.rar


  3. #3


    What is this? A trace log of SysTracer? PackerBreaker never drops a driver.
    Last edited by blabberer; November 2nd, 2012 at 15:35. Reason: removed quote

  4. #4
    though packer breaker doesn't seem to drop a driver
    it suspiciously creates an exe when analysing itself
    also it seems to hate process monitors because
    on top of some boring custom packer it uses themida professional it seems
    from oreans (and your packer breaker can't identify what you packed it with)

    to be frank a free exe/app that looks fishy on first sight
    and would need a lot of verification/debugging
    before one can actually try to use it
    takes the joy out of it


    Code:
     
     
                          :
                          : %s------------------------------------------------
                          : ---          Themida Professional            ---
                          : ---      (c)2010 Oreans Technologies         ---
                          : ------------------------------------------------
                          :
                          :
    
    Log data
    Address   Message
              Window    002102b2
              Name      Themida 
              Class     #32770
              WndProc   00000000
              Style     WS_SYSMENU WS_DLGFRAME WS_BORDER WS_CLIPSIBLINGS WS_VISIBLE WS_POPUP DS_ABSALIGN DS_SETFONT DS_MODALFRAME DS_NOIDLEMSG DS_3DLOOK
              ExStyle   WS_EX_DLGMODALFRAME WS_EX_WINDOWEDGE WS_EX_LEFT WS_EX_LTRREADING WS_EX_RIGHTSCROLLBAR WS_EX_CONTROLPARENT
              HInstance 7e410000
              ParentWnd 00000000
              Id        00000000
              UserData  0013fe9c
              DlgProc   00000000
              MsgResult 00000000
              DlgUser   00000000
              Unicode   TRUE
              ThreadId  0000095c
              ProcessId 000008e0
              Window    001f02b0
              Name      A debugger has been found running in your system.
              
    Please, unload it from memory and restart your program.
              Class     Static
              WndProc   00000000
              Style     WS_GROUP WS_VISIBLE WS_CHILD DS_MODALFRAME DS_CONTEXTHELP
              ExStyle   WS_EX_NOPARENTNOTIFY WS_EX_LEFT WS_EX_LTRREADING WS_EX_RIGHTSCROLLBAR
              HInstance 7e410000
              ParentWnd 002102b2
              Id        0000ffff
              UserData  00000000
              DlgProc   00000000
              MsgResult 00176258
              DlgUser   00000000
              Unicode   TRUE
              ThreadId  0000095c
              ProcessId 000008e0
              PROCESS 865bc448  SessionId: 0  Cid: 08e0    Peb: 7ffde000  ParentCid: 0b08
                  DirBase: 0fc80400  ObjectTable: e1c5c200  HandleCount:  67.
                  Image: PackerBreaker.exe
              PROCESS 865bc448  SessionId: 0  Cid: 08e0    Peb: 7ffde000  ParentCid: 0b08
                  DirBase: 0fc80400  ObjectTable: e1c5c200  HandleCount:  67.
                  Image: PackerBreaker.exe
                  VadRoot 86587958 Vads 103 Clone 0 Private 1304. Modified 287. Locked 0.
                  DeviceMap e287d088
                  Token                             e3c1b750
                  ElapsedTime                       01:35:21.468
                  UserTime                          00:00:00.281
                  KernelTime                        00:00:05.578
                  QuotaPoolUsage[PagedPool]         42820
                  QuotaPoolUsage[NonPagedPool]      4120
                  Working Set Sizes (now,min,max)  (1793, 50, 345) (7172KB, 200KB, 1380KB)
                  PeakWorkingSetSize                2595
                  VirtualSize                       47 Mb
                  PeakVirtualSize                   48 Mb
                  PageFaultCount                    3096
                  MemoryPriority                    BACKGROUND
                  BasePriority                      8
                  CommitCharge                      1722
                  DebugPort                         86bc2a88
                      THREAD 85f0a5c8  Cid 08e0.095c  Teb: 7ffdd000 Win32Thread: e3cd2cb8 WAIT
                      THREAD 85e7fc98  Cid 08e0.0808  Teb: 7ffdc000 Win32Thread: 00000000 WAIT
                      THREAD 86054288  Cid 08e0.00a0  Teb: 7ffdb000 Win32Thread: 00000000 WAIT
                      THREAD 86580898  Cid 08e0.02d0  Teb: 7ffda000 Win32Thread: 00000000 WAIT
                      THREAD 8656bda8  Cid 08e0.0130  Teb: 7ffd9000 Win32Thread: 00000000 WAIT
                      THREAD 86bbe168  Cid 08e0.052c  Teb: 7ffd8000 Win32Thread: 00000000 WAIT
                      THREAD 86462aa0  Cid 08e0.0118  Teb: 7ffd7000 Win32Thread: 00000000 WAIT
                      THREAD 85ea54f8  Cid 08e0.0f30  Teb: 7ffd6000 Win32Thread: 00000000 WAIT
                      THREAD 85f28d10  Cid 08e0.0370  Teb: 7ffd5000 Win32Thread: 00000000 WAIT
                      THREAD 86053328  Cid 08e0.012c  Teb: 7ffd4000 Win32Thread: 00000000 WAIT
                      THREAD 85efd870  Cid 08e0.08a0  Teb: 7ffaf000 Win32Thread: 00000000 WAIT
                      THREAD 86bf0250  Cid 08e0.0bd0  Teb: 7ffae000 Win32Thread: 00000000 WAIT
                      THREAD 85e19508  Cid 08e0.0ea4  Teb: 7ffad000 Win32Thread: 00000000 WAIT
                      THREAD 85e8e8c0  Cid 08e0.00e0  Teb: 7ffac000 Win32Thread: 00000000 WAIT
                      THREAD 85fb1b90  Cid 08e0.0990  Teb: 7ffab000 Win32Thread: 00000000 WAIT
                      THREAD 85f875b8  Cid 08e0.0a64  Teb: 7ffaa000 Win32Thread: 00000000 WAIT
                      THREAD 85e03020  Cid 08e0.09f0  Teb: 7ffa9000 Win32Thread: 00000000 WAIT
                      THREAD 865ea4f8  Cid 08e0.0aec  Teb: 7ffa8000 Win32Thread: 00000000 WAIT
                      THREAD 86ce6da8  Cid 08e0.0afc  Teb: 7ffa7000 Win32Thread: 00000000 WAIT
                      THREAD 86ccc020  Cid 08e0.0af8  Teb: 7ffa6000 Win32Thread: 00000000 WAIT
                      THREAD 865792e0  Cid 08e0.09a0  Teb: 7ffa5000 Win32Thread: 00000000 WAIT
                      THREAD 85e944c8  Cid 08e0.0b00  Teb: 7ffa4000 Win32Thread: 00000000 WAIT
                      THREAD 85f1b820  Cid 08e0.0bd8  Teb: 7ffa3000 Win32Thread: 00000000 WAIT
                      THREAD 85e5cda8  Cid 08e0.0b48  Teb: 7ffa2000 Win32Thread: 00000000 WAIT
                      THREAD 86089020  Cid 08e0.0b38  Teb: 7ffa1000 Win32Thread: 00000000 WAIT

  5. #5
    Hehe, you are right. Even though I tried to make all my utilities free and simple, I had to add some protections to my code, but we are in a Malware Analysis and unpacking forum, you have to try it at your own risk.
    Last edited by blabberer; November 2nd, 2012 at 15:36. Reason: removed quote

  6. #6
    Could you add command line support?

  7. #7

    Quote (originally posted by VirusBuster):
        Could you add command line support?
    Maybe in next version.

  8. #8
    disavowed
    Quote (originally posted by niucool):
        we are in a Malware Analysis and unpacking forum, you have to try it at your own risk.
    Thanks, you've just encouraged me to never try anything you share with us.

  9. #9

    no, sir.

    Quote (originally posted by niucool):
        Hehe, you are right. Even though I tried to make all my utilities free and simple, I had to add some protections to my code, but we are in a Malware Analysis and unpacking forum, you have to try it at your own risk.
    We are in a malware analysis and unpacking forum, yes. But please take note that distributing malware disguised as a tool in order to infect ppl here won't be tolerated.

  10. #10

    OK, let's end this joke.
    Seriously, it is a tool for unpacking, it has been downloaded more than 4000 times (from my website and other forums) and got lots of positive evaluations since I released it, I also got many bug reports which made me improve this tool.
    Some of the links are here (sorry, Chinese only):
    http://www.52pojie.cn/thread-165750-1-1.html
    http://www.unpack.cn/thread-84401-1-1.html

    Some guys dislike it only because it uses Themida as its packer. I respect their choice, and on the other hand, I also want to keep my honor for my work and distributing it as a free tool.
    Last edited by blabberer; November 2nd, 2012 at 15:37. Reason: removed superfluous quote

  11. #11
    Well, keep it then.
    I flout Chuck Norris, Spongebob barbecues underwater!

  12. #12

    As Above

    Niucool, you realize that most automatic unpackers are used by people who don't know manual unpacking, right? This gives an opportunity for a malware artist, to put something unnecessary and take advantage of that fact. Now, you deny doing so (though, all evidence points to the contrary), but you are doing a piss poor job with your attitude.

    Most people on this board are excellent reversers for many years who can smell a suspicious application a mile off. So first things first:

    1. Why are you releasing tools in the malware board, rather than the tools board?
    2. Why are you packing your software if it's free. I agree not everyone is IDA PRO, but I'd suggest you get rid of the notion that I won't let anyone copy my code. Cracking an application, and reverse engineering a full program from assembly to be able for recompilation are 2 very different things. Chances are, people who can do the latter, are already having their own coded unpackers.
    3. Your attitude of "I'm so smart, I'm distributing this as a riddle, solve it whether its malware or not" is probably going to give you negative responses. It's not a smart attitude. It's smarmy. Understand the difference.
    4. Yes, it may have been downloaded 4000 times. By people who generally don't know what they are doing, perhaps. Here, the reversers know.
    5. Why is there no full disclosure? If your app is packed by themida and creates an EXE, then that's OK. But let it be known BEFORE you post the app link. ESPECIALLY if you're posting in the malware section.


    It's nice to know you code and want to distribute your tools. Problem is, this experience will tell you are not to be trusted. Niucool? well, don't know if he's distributing malware in the name of tools. THAT is the attitude that will spread around. If it has not already. Then, where's the honor?

    Peace.

    Have Phun
    Blame Microsoft, get l337 !!

  13. #13

    Good points

    Thank you for your reply, Aimless. For your questions:
    1. I did not notice that I posted in the wrong board till you told me. It is my fault, since I am new to this forum, I just found a board with the name "unpacking" and posted it, shame on me. It also explains your question no 5.
    Could someone help me to move this post to a proper board?
    2. Do you mean you should not pack a program if it is free? If yes, I disagree.
    3. Sorry for my bad joke, I didn't know it is a board only for malware.
    4. The places I posted also have many reversers with experience.
    5. Sorry again for my mistake.

    -------------------------------------
    Sorry for my slow mind, I have a silly question here:
    I'm a little confused, is this Malware Analysis and Unpacking Forum a Malware Analysis and Unpacking or Malware Analysis and Unpacking forum? Why could other normal software be posted here?
    Last edited by blabberer; November 2nd, 2012 at 15:39. Reason: removed superfluous quote

  14. #14
    disavowed
    Quote (originally posted by niucool):
        is this Malware Analysis and Unpacking Forum a Malware Analysis and Unpacking or Malware Analysis and Unpacking forum?
    Malware Analysis and Unpacking

    You're right, though; it's not very clear

  15. #15
    Quote (originally posted by disavowed):
        Malware Analysis and Unpacking

        You're right, though; it's not very clear
    That is an interesting play with words, I never noticed it..ambiguous indeed.
