CipherWall Decrypter/Self-Extractor ???


DeViaN
August 18th, 2007, 09:24
Hello everybody

Does anybody have any experience with this compressor/encrypter???

I have one target (created in Delphi) which I need to analyse. I tried to dump that by PE Editor and then rebuild the import table by ImpRec, but that all was unsuccessful...

I also tried to use QuickUnpack. It found the OEP (I think correct), it's able to unpack that, but the program only blinks and then the main window disappeared.

When I thought that I unpacked that successfully, I tried to decompile that with DeDe, but it found only units which were used, nothing more.

So I tried to look at resources via ResHacker, but it reported that the PE is still encrypted/compressed.


Any help please?? Tips? I'll appreciate any help...

Thank you so much.


LLXX
August 19th, 2007, 00:17
Trying arbitrary pre-made solutions is not considered thinking, nor is saying that Google doesn't provide much information an excuse.

Try THINKING about how your particular protection works and study the unpacking of other packers to understand the process.

naides
August 19th, 2007, 06:05
Quote:
[Originally Posted by DeViaN;67861]Hello everybody

I also tried to use QuickUnpack. It found the OEP (I think correct), it's able to unpack that, but the program only blinks and then the main window disappeared.

?? Tips? I'll appreciate any help...

Thank you so much.



Here is a tip: The "unpacked" program loads, but almost immediately quits (main window disappears).
The packed program does not quit, it keeps going.

Trace both programs, starting from the OEP, with Olly. Try to figure out where the unpacked one decides to quit while the packed goes its merry way. The fact that the unpacked quits cleanly instead of eliciting an OS error message suggests to me that the program closing is a deliberate act, perhaps in response to file integrity checks or a safety device of similar nature.

Be aware that Olly's value is somewhat limited for tracing Delphi, but these sorts of diagnostics are very doable with the debugger.