
Thread: Is this packer New ??

  1. #1

    Is this packer New ??

    I don't know if this packer is old.

    PeId can't recognize it. I have never dealt with it before. I posted it because there is some attempt to avoid OEP finding with stack overloading by an infinite calling loop.

    Then it generates some kind of exception.
    I found the OEP, but earlier methods for it failed. After that everything was easy.
    If one wants to try by himself, here is the info:

    EventHelix.com/EventStudio

    This should be an event charter, but it is almost useless compared to the competition.

  2. #2
    Tola
    Guest
    Click the 'buy' button and see what happens.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Shoob
    Guest
    Looks like a Vbox clone. OEP is 432E54, as you know, so what's actually your problem? Set a breakpoint on the 2 crypted thunks (first kernel32, second user32.dll) in Olly and follow them (go into jmp eax); they are stored there uncrypted. Or set a breakpoint on where the APIs (stored in dword) get moved to eax; that's much easier. I have attached the IAT so you can compare.

    Not anymore you haven't...

    If anyone is interested in the iat, pm me ....
    Last edited by Shoob; August 18th, 2003 at 18:03.

  4. #4
    I have no problem, just wanted to know what this is. Your OEP is good.

    Set a breakpoint on the 2 crypted thunks (first kernel32, second user32.dll) in Olly and follow them (go into jmp eax); they are stored there uncrypted. Or set a breakpoint on where the APIs (stored in dword) get moved to eax; that's much easier.
    Have you ever tried to use the TrapFlag option in ImpRec? Inspect that in the future!

  5. #5
    Shoob
    Guest
    No, because my OS crashed when I used it.

  6. #6
    What is your OS? And which version of ImpRec do you use?

    I tried to identify this packer with the new PeId 0.9 but it failed to do it. This must be something really tough; maybe we should write to the PeId makers to introduce them to our newly discovered packer. Or maybe they considered this packer too stupid to put into the database; I don't think so.

  7. #7
    Esther !?

    Is this your work ------> Not anymore you haven't... and this ------>pm me

  8. #8
    dELTA
    Administrator
    I removed the iat, and Shoob added the "pm me" when he saw that it was deleted.

    Esther cannot edit other people's posts, since he's not a moderator.


    dELTA

  9. #9
    hobferret
    Registered User
    Hi all

    Zilot, you state "tried to identify this packer with the new PeId 0.9 but it failed to do it. This must be something really tough; maybe we should write to the PeId makers to introduce them to our newly discovered packer. Or maybe they considered this packer too stupid to put into the database; I don't think so."

    You don't think so, eh?

    Well, I D/L'd this prog and it took only 5 mins to remove the encryption.

    IMHO it is pretty useless; let's just wait and see what the "old boys" think of this protection!

    /hobferret

  10. #10

    I think this progge is packed.
    With what, I don't know.
    Last edited by seven; August 20th, 2003 at 12:58.
