
Thread: Identifying Protection

  1. #1
    xollox
    Guest

    Identifying Protection

    I've been lurking in this forum for a while, and I've come across a problem that I need some help with.

    I have a program that I'd like to do some "work" with, but I am unable to identify what protection is used. It's a publicly available beta demo of a game that I'd like to write some hacks for.

    PE-Scan reports "no recognised packer/encryptor found" and PEiD reports "Nothing found *"

    When I try to open it in OllyDbg, it says that it's packed or encrypted, and when loaded it shows code that is clearly packed or encrypted.

    Since I'm a newbie in the field, I don't know where to go from here. Any help would be appreciated.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    A good start is to load the program into LordPE or PEditor and take a look at the sections. How many are there and what are their names, etc. This can usually strongly point towards the protection used.

    If you can post this info without giving away the name of the target (DON'T TELL US THE TARGET) then do so and maybe one of us might recognize it.

    -nt20

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Also, I guess the authors of programs like PEiD are always interested in samples of unknown packers, and if you're lucky you might be able to get the information you want from them at the same time. Try to find out as much as possible yourself first though, to make it easier for them.

  4. #4
    xollox
    Guest
    Thanks for the tips, guys.

    Here is what LordPE told me:
    .CODE
    .rsrc
    .idata
    .ext
    XPROT
    .vmtext
    Last edited by xollox; May 3rd, 2004 at 22:24.

  5. #5
    Quote Originally Posted by xollox
    Thanks for the tips, guys.

    Here is what LordPE told me:
    .CODE
    .rsrc
    .idata
    .ext
    XPROT
    .vmtext
    I might be wrong here, but I think it's Xprotector (Extreme protector.)

    /Harding

  6. #6
    It looks like extreme protector...but maybe it's not. I thought that extreme put all the sections in one or 2, but not so many as I can see in your program. Maybe the section names have been manipulated manually.

    As Delta proposed, PEiD could solve your problem.
    ---------
    Regards,
    Alorent
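
The section-table check suggested in this thread, as an added example (not code from any poster): it reads the PE section headers the way a PE editor lists them and flags names outside the usual linker set. The name tables, `build_sample`, and all sizes and flags are assumptions made for the demo; section names can be edited by hand, so a match is a hint, not an identification.

```python
import struct

COMMON = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
          ".reloc", ".tls", "CODE", "DATA", "BSS"}   # usual linker output
# UPX/ASPack names are well known; the XPROT entry is only this thread's guess.
HINTS = {"UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack",
         ".adata": "ASPack", "XPROT": "Xprotector (thread's guess)"}
SECTION = "<8sIIIIIIHHI"   # one 40-byte IMAGE_SECTION_HEADER

def read_sections(image):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < pe_off + 24:
        raise ValueError("PE header missing or truncated")
    nsect, opt_size = struct.unpack_from("<2xH12xH", image, pe_off + 4)
    table = pe_off + 24 + opt_size                           # skip optional header
    if table + 40 * nsect > len(image):
        raise ValueError("section table truncated")
    rows = (struct.unpack_from(SECTION, image, table + 40 * i) for i in range(nsect))
    return [(f[0].split(b"\0")[0].decode("latin-1"), f[1], f[3], f[9]) for f in rows]

def triage(image):
    report = []
    for name, vsize, rsize, chars in read_sections(image):
        notes = []
        if name in HINTS:
            notes.append("name hint: " + HINTS[name])
        elif name not in COMMON:
            notes.append("non-standard name")
        if rsize == 0 and vsize > 0:
            notes.append("no raw data on disk")
        if chars & 0x20000000 and chars & 0x80000000:        # MEM_EXECUTE and MEM_WRITE
            notes.append("writable and executable")
        report.append((name, notes))
    return report

def build_sample(names, chars=0x60000020):
    """Constructed header-only image; sizes and flags are made up for the demo."""
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    return head + b"".join(
        struct.pack(SECTION, n.encode(), 0x1000, 0x1000 * i, 0x200, 0, 0, 0, 0, 0, chars)
        for i, n in enumerate(names, 1))

# Section names as posted in this thread, placed in a constructed image.
THREAD_NAMES = [".CODE", ".rsrc", ".idata", ".ext", "XPROT", ".vmtext"]
for name, notes in triage(build_sample(THREAD_NAMES)):
    print(f"{name:8} {', '.join(notes) or 'ordinary'}")
```
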

  7. #7
    Get the latest PEiD out there
    esther


    Reverse the code,Reverse Your Minds First

  8. #8
    I do believe that the latest ver out there is 0.92....
    we are demons to some, angels to others.....

  9. #9
    xollox
    Guest
    Quote Originally Posted by UrgeOverKill
    I do believe that the latest ver out there is 0.92....
    I double checked that I had the latest version (released May 4) and copied all the userdb info out of the forums that I could find and still nothing.

  10. #10
    dev_zero
    Guest
    What about file analyzer XL....

  11. #11
    Wizard Extraordinaire
    Join Date
    Sep 2002
    Posts
    127
    Quote Originally Posted by xollox
    .... a publicly available beta demo of a game that I'd like to write some hacks for.
    I hope hacks != cheats.

  12. #12
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Why? As long as it isn't a networked multiplayer game I really can't see any harm in it?

  13. #13
    Are you xollox from MPC forums (bf1942/bfv)?

    If so ... nice to meet ya here ... I used to visit the boards/forums under different aliases

    I hope hacks != cheats.
    Hehe .. of course cheats
    Lots of multiplayer stuff for quite some time now ... leaving Punkbuster in dust (it ain't a challenge in its current state, really) ...

    Lots of ppl have learned how to build their own private hacks now ... my personal estimate by visiting EA (pb enabled) servers that at least 5-10% cheat .. but well
    Last edited by SysCall; May 12th, 2004 at 16:55.

  14. #14
    xollox
    Guest
    Quote Originally Posted by SysCall
    Are you xollox from MPC forums (bf1942/bfv)?
    The same (:

    Quote Originally Posted by SiNTAX
    I hope hacks != cheats.
    To be honest, it does equal cheats. Over the past few months I've become less and less interested in actually playing games and more interested in reversing them, seeing how they work, making modifications, etc. For a while I probably spent 20+ hours/week reversing and 3 or 4 hours every other week playing. My online play time is severely limited by my bandwidth (56k) for the time being. Luckily I have friends nearby with broadband...

    Quote Originally Posted by dev_zero
    What about file analyzer XL....
    I tried both file inspector XL and file analyzer. (I googled file analyzer XL and couldn't find anything by that name...) Both report the packer as "ASPack 1.02b or 1.08.03". Is this a potential misreport or do these older analyzers pick up something that PEiD doesn't?

    Quote Originally Posted by dELTA
    Also, I guess the authors of programs like PEiD are always interested in samples of unknown packers, and if you're lucky you might be able to get the information you want from them at the same time. Try to find out as much as possible yourself first though, to make it easier for them.
    Should I try to contact the authors and let them know about the program? I looked over the PEiD website and can't find any sort of reporting method...
    Last edited by xollox; May 13th, 2004 at 02:55.

  15. #15
    Wizard Extraordinaire
    Join Date
    Sep 2002
    Posts
    127
    Quote Originally Posted by xollox
    To be honest, it does equal cheats. Over the past few months I've become less and less interested in actually playing games and more interested in reversing them, seeing how they work, making modifications, etc. For a while I probably spent 20+ hours/week reversing and 3 or 4 hours every other week playing. My online play time is severely limited by my bandwidth (56k) for the time being. Luckily I have friends nearby with broadband...
    Tssk.. that puts you in my bad book I'm afraid (not that anybody cares about that).. but some people still have ethics.. and spoiling other people's fun/day isn't something I enjoy...
