private exe protector unpacking?
Hello everyone,
I was looking at a binary protected with Private exe Protector and can't find any tutorials. Can anyone push me in the right direction? If not resources, then any hints? Thank you. |
Literally, if you enter "private exe protector manual unpacking tutorial" into Google, this is the first hit:
http://185.62.190.110/accessroot/arteam/site/download.php?view.330 For v3 though. Much of it applies also to v4. Don't know about v5. |
I tried and got some references on tuts4you, but no accessroot site!
Sorry I didn't mention the version; I was looking for v4. Thank you for the reference though. The PDF is about unpacking the protector, not a target packed through it? |
Quote:
You will have to see how much applies to your specific target. |
Also, I got as far as the import resolver on my own though!!
After that I get an access violation!! |
The target I have has no trial, just the nag. I don't think I will be able to reach the OEP as you have mentioned in the text. What should be the approach now?
|
Quote:
Quote:
PM me the target, but I am on the road right now, so don't idle and count on me... |
Thanks for the gesture, man. It's OK, I will try it for myself for now..
So I think there is some confusion: does PEP provide a registration scheme dialog box or something like that? Because I have a window where it says unregistered, asks to enter user and key, and gives a reference to a HWID. I think it's coded in Delphi, but I am not sure whether it's part of the protection or the real program. Does PEP provide a licensing mechanism? P.S. Have a safe journey, man! |
Yes, PEP provides something like that, but of course the program might be providing its own form. Good luck!
|
Tracing backwards from the NtTerminateProcess call, I figured out that NtContinue API calls are being used to make following the code difficult. If you came across NtContinue in PEP as any standard trick, like running a VM wrapping around NtContinue, please enlighten!
Thank you! |
Hi
You can use these patterns: Quote:
BR, h4sh3m |
OK, I will try. Target is 4, I don't know exactly which version! Will report.
|
Pattern search for 4.2.5 gave me this:
Code:
push ebp |
and setting eax to zero does.. ?
|
Nop zero makes it exit directly! No form, nothing appears. I also tried to nop all opcodes which are in the pattern, but no luck!
|