PeX v0.99

Manual Unpacking Tutorial... Manual UnPacking (MUP) of PeX v0.99
Source Code... PeX v0.99 Source Code
Some Info about the Packer/Encrypter and Author... Author: Bart
Homepage: None.
Email: cryogen@poland.com
Size of Packer/Encrypter: 13.0 KB
The Packer/Encrypter itself is Packed/Encrypted with PeX v0.99 .
Author Words about the Packer/Encrypter... PeX is simple pe packer&protector.Its compatibile with Win95/98/NT.
Features... code,data,import compression(based on APLIB v0.26b by Joergen Ibsen)&encryption
new technique was developed to increase compression ratio
protection against cracking&reverse engeenering
bpx protection
import table handling
advanced import table protection
relocation wiping
antidebugging stuff(compatibile with Win95/98/NT)
antiracers code
auto configuration saving(registry HKEY_CURRENT_USER\Software\PeX)
Special stuff the Decryption Routine uses... It uses the "Magic Values" in SI and DI. (FG/JM)
It uses 2 Structured Exception Handlers. (One with the Magic Values, and one using an UnDefined Opcode 2 ;)
Import Table Redirection.
The best API to Break on... The best API to break on for the beginning: VirtualAlloc
The best API to break on for the end: VirtualFree+1

A little note here, because of those Magic Values you can't put a Breakpoint on these API's. So better "disable" the magic first ... ;)
Recognization of this Packer/Encrypter... You can recognize this Packer/Encrypter by searching for the text:

"PeX (c) by bart^CrackPl beta release" (Without the quotes)

Recognization Bytes... E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4
OEP Jump... push OEP
pop eax
inc eax
push eax
ret


If you can add any kind of information for this page (Like Homepage/Email of the Author) then send me a Email

Don't trust the Outside, trust the InSiDe !!!

CoDe_InSiDe