Manual Unpacking Tutorial... | Manual UnPacking (MUP) of PeX v0.99 |
Source Code... | PeX v0.99 Source Code |
Some Info about the Packer/Encrypter and Author... | Author: Bart Homepage: None. Email: cryogen@poland.com Size of Packer/Encrypter: 13.0 KB The Packer/Encrypter itself is Packed/Encrypted with PeX v0.99 . |
Author Words about the Packer/Encrypter... | PeX is simple pe packer&protector.Its compatibile with Win95/98/NT. |
Features... | code,data,import compression(based on APLIB v0.26b by Joergen Ibsen)&encryption new technique was developed to increase compression ratio protection against cracking&reverse engeenering bpx protection import table handling advanced import table protection relocation wiping antidebugging stuff(compatibile with Win95/98/NT) antiracers code auto configuration saving(registry HKEY_CURRENT_USER\Software\PeX) |
Special stuff the Decryption Routine uses... | It uses the "Magic Values" in SI and DI. (FG/JM) It uses 2 Structured Exception Handlers. (One with the Magic Values, and one using an UnDefined Opcode 2 ;) Import Table Redirection. |
The best API to Break on... | The best API to break on for the beginning: VirtualAlloc The best API to break on for the end: VirtualFree+1 A little note here, because of those Magic Values you can't put a Breakpoint on these API's. So better "disable" the magic first ... ;) |
Recognization of this Packer/Encrypter... | You can recognize this Packer/Encrypter by searching for the text:
"PeX (c) by bart^CrackPl beta release" (Without the quotes) |
Recognization Bytes... | E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 |
OEP Jump... | push OEP pop eax inc eax push eax ret |