Some Info about the Packer/Encrypter and Author... | Author: Vecna Homepage: None. Email: None. Size of Packer/Encrypter: 3.50 KB The Packer/Encrypter itself is Packed/Encrypted with PE Pack-Crypt . |
Author Words about the Packer/Encrypter... | There's no ReadMe or anything inside the programs .zip :) |
Features... | Compression. |
Special stuff the Decryption Routine uses... | None actually, but the Routine which sets the Sections characteristics is nice because i almost don't see that in any other Packer/Encrypter ;) |
The best API to Break on... | The best API to break on for the beginning: VirtualAlloc The best API to break on for the end: GetProcAddress |
Recognization of this Packer/Encrypter... | PE Pack-Crypt has it's own MZ/PE Header which means that it doesn't change much :) So you can check the name of the first section if it's: XXXXXXXX Or you can check at Raw Address: 000001E0 if there's the text: PE PACK\CRYPT by Vecna (c) 2001 But ofcourse it's never wise to only depend on the MZ/PE Header for checking, because it can easily be changed ;) |
Recognization Bytes... | FC 8B 35 70 01 40 00 83 EE 40 6A 40 68 00 30 10 |
OEP Jump... | mov eax, OEP jmp eax |