Exetools  

Go Back   Exetools > General > General Discussion

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 03-07-2006, 04:44
Cobi Cobi is offline
Friend
 
Join Date: Sep 2004
Location: Germany
Posts: 55
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
Cobi Reputation: 0
Unpacking - Tsunami MPEG DVD Author PRO

Hi,
Target: Tsunami MPEG DVD Author PRO 2.1.5.77
hxxp://download1.pegasys-inc.com/download_files/TDAP-retail-2.1.5.77-en.exe
This tool is coded in delphi and seems to be protected by some custom packer,

Sections:

CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
PEGASYS0
PEGASYS1
PEGASYS2


011AF000 - 011B090B (PEGASYS2) Some Unpacking routines, no anti-debugging
011A1001 (PEGASYS0) Here i begin to loose track, IDA gets fooled and OllyDbg cant analyse it

Code:
011A1001   90               NOP
011A1002   60               PUSHAD
011A1003   E8 03000000      CALL DVDAutho.011A100B
011A1008  -E9 EB045D45      JMP 467714F8
011A100D   55               PUSH EBP
011A100E   C3               RETN
011A100F   E8 01000000      CALL DVDAutho.011A1015
011A1014   EB 5D            JMP SHORT DVDAutho.011A1073
011A1016   BB ECFFFFFF      MOV EBX,-14
After unpacking the CODE Section the Program creates a thread with a simple anti-debugging-loop (Thread-Proc: 004E1390)
but i cant spot the OEP

Can anyone help me please

Greetz,
Cobi

Last edited by Cobi; 03-07-2006 at 04:47.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"Error while unpacking program, code LP5. Please report to author." gokilaravee General Discussion 2 06-01-2011 14:34


All times are GMT +8. The time now is 20:06.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )