Cobi
03-07-2006, 04:44
Unpacking - Tsunami MPEG DVD Author PRO

Hi,
Target: Tsunami MPEG DVD Author PRO 2.1.5.77
hxxp://download1.pegasys-inc.com/download_files/TDAP-retail-2.1.5.77-en.exe
This tool is coded in Delphi and seems to be protected by some custom packer.

Sections:

CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
PEGASYS0
PEGASYS1
PEGASYS2


011AF000 - 011B090B (PEGASYS2) Some Unpacking routines, no anti-debugging
011A1001 (PEGASYS0) Here I begin to lose track, IDA gets fooled and OllyDbg can't analyse it

Code:
011A1001   90               NOP
011A1002   60               PUSHAD
011A1003   E8 03000000      CALL DVDAutho.011A100B
011A1008  -E9 EB045D45      JMP 467714F8
011A100D   55               PUSH EBP
011A100E   C3               RETN
011A100F   E8 01000000      CALL DVDAutho.011A1015
011A1014   EB 5D            JMP SHORT DVDAutho.011A1073
011A1016   BB ECFFFFFF      MOV EBX,-14

After unpacking the CODE section, the program creates a thread with a simple anti-debugging loop (Thread-Proc: 004E1390),
but I can't spot the OEP.

Can anyone help me, please?

Greetz,
Cobi

Last edited by Cobi; 03-07-2006 at 04:47.