Results 1 to 3 of 3

Thread: QuickUnpack DLL release

  1. #1
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430

    QuickUnpack DLL release

    Well,
    this fine release is a Dll version of the already released QUnpack program, from FEUERRADER of AHTeam (http://www.exetools.com/forum/showthread.php?t=4611&page=1&pp=15).

    What I did is to transform it into a DLL and to improve the whole code robustness and functionality..

    The main purpose of such a dll is to create complex patchers that would unpack on the fly the programs on the target PC, then apply byte changes to crack the program. Of course is much more useful where inline patching is not possible..

    Hope will be useful!

    Please give it a try and let me know, this is the first version and suggestions/criticism (if not offensive ) are welcome!


    What it does:
    -------------
    The Dll works almost as the original Qunpack program. Essentially what is done is:

    set some hardware breakpoint into the debugged process
    find the OEP, using some custom method (if the target program is packed by FSG 1.33, ASPack 2.12 or UPX 1.2x, the OEP is found using an own technology) or the code of the GenOEP.dll (included inside)
    dump process to previously allocated buffer.
    rebuild dump and realign it.
    rebuild the import table (using some code taken from ImpRec)

    How to use in your own program:
    ------------------------------
    This is the protototype of the main function

    Code:
    int __stdcall UnpackFile(char* InName, char* OutName, BOOL AutoOEP, DWORD realOEP, char **pLog_buff);
    Here below instead a code sniplet of how to use the DLL in you programs:

    Code:
      char *infile_buff=NULL; // it's the buffer pointing to the file to be unpacked
      char *outfile_buff=NULL;  // it's the buffer pointing to the file where to store unpacked file.
      char *log_buff=NULL; // it's the buffer storing the log.
      BOOL autoOEP=TRUE;
      DWORD realOEP=FALSE;
    
      //TODO: Init above buffers and values as you want..
      
      UnpackFile(infile_buff, outfile_buff, autoOEP, realOEP, &log_buff);
      	
      // Writes to a file the log_buff filled and allocated by the UnpackFile API!
      // Note that the main program has to wait untill the threads launched by 
      // UnpackFile() is terminated.
      // GetLog() returns a not NULL value only when the hard work is finished.
      // You might consider placing this loop into a separate thread of the main 
      // application, just not to block the user interface too long.
      // NB. Remember to free the allocated buffer!
    
      while(GetLog(NULL)==NULL);
    	
      FILE *fp=NULL;
      if(log_buff!=NULL)
        if((fp=fopen(".\\Unpacking_log.txt","w"))!=NULL) {
          fprintf(fp,log_buff);
          free(log_buff); //really important, remember to free the buffer!
          log_buff=NULL;
          fclose(fp);
          fp=NULL;
        }
    Help function:
    --------------
    whenever you choose to pass the OEP to the function directly, usually you might have to convert it from a string representation to a real HEX value (usually it's inserted from an edibox).
    Just for reference you might use this function that converts an hex value from string representation

    Code:
    //added to convert an exadecimal string to an hex value
    unsigned char HEX_2_INT_TABLE[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 
                6, 7, 8, 9, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0, 0, 
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
                0, 0, 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    
    int hexstr2int(char *hexstr) {
        register unsigned int length, i, value, shift;
        for (length = 0; length < 9; length++) if (!hexstr[length]) break;
        shift = (length - 1) * 4;
        for (i = value = 0; i < length; i++, shift -= 4) value += HEX_2_INT_TABLE[(unsigned int)hexstr[i] & 127] << shift;
        return value;
    }
    Belongs and Greetings:
    ----------------------
    The DLL contains the code coming from some already existing DLLs. Those DLLs have been transformed into library files and directly linked to the Qunpack.dll to reduce external files dependency.
    Those files are
    NDump.dll and RebPE32.dll which belongs to NEOx [uinC].
    GenOEP.dll by snaker
    Force.dll by FEUERRADER

    Thanks again to FEUERRADER and to AHTeam members..


    Distribution:
    -------------
    You may redistribute as you want the DLL, but please remember to give credits to the guys I mentioned and to me also!
    If you witsh you can also include the present documentation and header files.

    History:
    --------

    • 1.0 [+] initial release
    • 1.1
      • [-] fixed a bug when realOEP is given
      • [+] added some details in the log file
      • [+] modified the little client
      • [+] modified the readme and added some more explanations
    • 1.2 [+] eliminated the need for any external dll, now Qunpack.dll can works without any external dll
    Attached Files Attached Files
    Last edited by Shub-nigurrath; September 3rd, 2004 at 07:32.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    We are, of course, happy to have your efforts posted here as well.

    Thanks again.

    Regards,
    JMI

  3. #3
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    Hi,
    upgraded to version 1.2, see the original post

    History:
    --------
    • 1.0 [+] initial release
    • 1.1
      • [-] fixed a bug when realOEP is given
      • [+] added some details in the log file
      • [+] modified the little client
      • [+] modified the readme and added some more explanations
    • 1.2 [+] eliminated the need for any external dll, now Qunpack.dll can works without any external dll
    Last edited by Shub-nigurrath; September 3rd, 2004 at 07:37.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

Similar Threads

  1. GCB engine release.
    By Indy in forum Mini Project Area
    Replies: 35
    Last Post: February 28th, 2011, 22:40
  2. TraceHook v0.0.1 release
    By j00ru vx tech blog in forum Blogs Forum
    Replies: 0
    Last Post: August 30th, 2009, 18:10
  3. IDA v5.4 release is not that far away
    By Hex Blog in forum Blogs Forum
    Replies: 2
    Last Post: January 23rd, 2009, 19:16
  4. [ARTeam] QuickUnpack CFF Explorer Extension v.10, by Shub-Nigurrath
    By Shub-nigurrath in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: January 24th, 2008, 06:48
  5. OllyDump v2.11.108 release
    By Gigapede in forum Plugins (General)
    Replies: 24
    Last Post: March 25th, 2004, 13:08

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •