Exetools  

#1
04-12-2017, 23:51
elephant
How to develop an unpacker - The StarForce case

Very cool presentation, published on the 7th April 2017 by Eloi Vanderbeken at the Sthack security conference in Bordeaux, about unpacking StarForce:

http://www.synacktiv.ninja/ressource..._synacktiv.pdf

This unpacker is based on DLL injection and takes care of recovering the OEP, API redirection, stolen bytes, debugger detection and hide from debugger routines.
#2
04-13-2017, 01:18
evlncrn8
was more starforce proactive (which is weak as hell) as opposed to the real (disk) one so a bit 'meh'.. and in all his 'research' how come he didn't notice the flaw in starforce's api 'rewrite' code where if you detoured all the exported functions to ff 25 xx xx xx xx ones it copied them verbatim, thus making the api resolution very very simple... and this information was known in 2003 or so when i found it...
#3
04-13-2017, 09:58
mr.exodia
not everybody has friends in the scene