Manual Unpacking Tutorial... | Manual UnPacking (MUP) of VGCrypt v0.75 Beta |
Source Code... | VGCrypt v0.75 Beta Source Code |
Some Info about the Packer/Encrypter and Author... | Author: Virogen. Homepage: None. Email: vgen@hotmail.com. Size of Packer/Encrypter: 8.50 KB. The Packer/Encrypter itself is Packed/Encrypted 4 times with VGCrypt v0.75 Beta. |
Author Words about the Packer/Encrypter... | This is a fairly simple PE encryptor I wrote up. I commented everything that is relevant to PE appendation or insertion, more so than I needed to even. The most interesting feature of this encryptor is that it attempts to find a location to insert itself between object virtual size and the next file alignment boundary, thus not changing the physical file size. |
Features... | - three types of PE parasticality 1) install in cave - no physical size increase 2) append to last object 3) create new object - full win95/98/NT compliant - does not add new object unless you want to - stores correct new checksum of PE executable - preserves original file date/time and attributes - prompts u to encrypt again if file already encrypted, you can encrypt a file as many times as you want. Of course, eventually you will run out of available caves and the filesize will start increasing. |
Special stuff the Decryption Routine uses... | It uses one SEH Handler, and some Self-Decryption. |
The best API to Break on... | None. This Encrypter isn't using any APIs in the Decryption Routine. |
Recognition of this Packer/Encrypter... | The best way to check if a File has been Encrypted with VGCrypt v0.75 Beta is to see if (at PE+0C) there's a Dword containing the value 90909090 (but this can easily be changed manually, of course ;) ) |
Recognition Bytes... | 9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15 |
OEP Jump... | jmp OEP |
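
The two recognition checks from the table above (the Dword at PE+0C and the recognition bytes), combined into one triage function. This is an added example, not code from the tutorial or from the VGCrypt source. The page does not say where the recognition bytes sit, so scanning the whole file is an assumption, and `check_vgcrypt` and `build_sample` are hypothetical names.

```python
import struct

# Indicator values taken from the table above.
MARKER_OFFSET = 0x0C        # relative to the "PE\0\0" signature
MARKER_DWORD = 0x90909090
RECOGNITION_BYTES = bytes.fromhex("9C55E8EC00000087D55D6087D580BD15")


def check_vgcrypt(data: bytes) -> dict:
    """Report which VGCrypt v0.75 Beta indicators are present in a file image."""
    result = {"valid_pe": False, "marker_dword": False, "recognition_bytes": False}
    # DOS header: "MZ" magic, e_lfanew (offset of the PE signature) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + MARKER_OFFSET + 4 > len(data):
        return result
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result
    result["valid_pe"] = True
    # PE+0x0C is the COFF header's PointerToSymbolTable field.
    (dword,) = struct.unpack_from("<I", data, e_lfanew + MARKER_OFFSET)
    result["marker_dword"] = dword == MARKER_DWORD
    # Assumption: location of the bytes is not given, so search the whole file.
    result["recognition_bytes"] = RECOGNITION_BYTES in data
    return result


def build_sample(marked: bool, with_stub: bool) -> bytes:
    """Constructed minimal header for the demo; not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> 0x40
    coff = bytearray(b"PE\0\0") + struct.pack("<HHI", 0x14C, 1, 0)
    coff += struct.pack("<I", MARKER_DWORD if marked else 0)
    coff += bytes(0x100)                               # padding
    body = RECOGNITION_BYTES if with_stub else b""
    return bytes(dos) + bytes(coff) + body


if __name__ == "__main__":
    for name, sample in [("clean", build_sample(False, False)),
                         ("marker only", build_sample(True, False)),
                         ("marker + bytes", build_sample(True, True))]:
        print(name, check_vgcrypt(sample))
```

Since the marker Dword can be patched by hand, treat a byte-pattern hit without the marker as still worth a manual look.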