Wednesday, June 20, 2007

RL dePacker V1.4

hi
Generic unpacker that supports 92 packers:

aUS [Advanced UPX Scrambler] 0.4 - 0.5
ASPack 1.x - 2.x 
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x 
BJFNT 1.3
BeRoEXEPacker 1.x
CryptoPeProtector 0.9x
CodeCrypt 0.16x
dot Fake Signer 3.x
dePack 
eXPressor 1.2.x - 1.5.x
EZip 1.0
EP Protector 0.3
Escargot 0.x
EXEStealth 2.x
FSG 1.xx & 2.0
Goat’s PE Mutilator 1.6
hmimys-Packer 1.x
HidePX 1.4
HidePE 2.1
JDPack 1.x
JDProtect 0.9
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
nSPack 2.x - 3.x
nPack 1.x
NeoLite 1.x - 2.0
NWCC 
OrIEN 2.1x
PECompact 1.x - 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
PackMan 0.0.0.1 & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PackItBitch
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
Perplex PE-Protector 1.x
PKLITE32 1.x
RLP 0.6.9 - 0.7.x
RLPack Basic Edition 1.x
RLPack Modifier Edition 1.x
ReCrypt 0.15 - 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SPEC b3
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x - 2.x
UPXRedir
UPXCrypt
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
WWPack32 1.x
WinUPack 0.2x - 0.3x
Winkript 1.0
yC 1.x
yZPack 1.x - 2.x
32Lite 0.3a
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2

Posted by REM at 14:51:03

Monday, June 18, 2007

QuickUnpack 1.0 final

hi
New version released, QuickUnpack 1.0 final.
v1.0 final
Unfortunately Feuerrader has left this project, so from now on I (Archer) am the only developer.
[!] several bugs fixed, like possible TLS corruption when removing sections or a possible program crash when reading false relocations
[!] identifies dll according to the flag in the header instead of the extension
[!] improved import tracer doesn’t fail to trace emulated functions
[+] overlay append option added
[+] ability to disassemble import functions (if some function was emulated you may use this to identify the function)
[+] ability to add a new library (allows using import functions from the new library when editing import functions. Also, while the library is loading the program stands at the OEP, so you can use your own library to do something with the import or with the program)
[+] ability to edit import functions (allows fixing some import functions by hand. The edit window supports typing the function’s name on the keyboard as well as choosing it in the listbox)
[+] option to add suspicious functions (allows adding possibly emulated functions to the import table to fix them by hand later using the new feature above. Be warned that false functions may also be added and they must be removed)
[-] no more imprec dll (this method was rather buggy, other methods are more powerful, so I decided to remove this one)
Posted by REM at 22:25:08

Tuesday, June 12, 2007

Unpacker for Petite 2.1 and 2.2

hi
Unpacker for Petite 2.1 and 2.2 coded by mirz :).

What’s new in version 0.2b:

- I corrected verification of signature ( now it should work fine :) )
    ; ? = 2 bytes
    ;[PEtite v2.1=B8????6A?68????64FF35????648925????669C6050]
    ;[PEtite v2.2=B8????68????64FF35????648925????669C6050]
- I corrected reconstruction of import symbols ( Now it rebuilds such functions as LeaveCriticalSection etc. )
- unpack dll :)
- new dialog box :)
- manifest.xml is from MSDN library.

I tested it on several programs packed by me.

How unpetite 0.2b works:
(files *.exe)
1. run program
2. It stops on access violation
3. then it searches for the jump to OEP
4. rebuild import symbols
5. dump and save file as unpacked.exe

(files *.dll)
1. ntdll.KiUserException is patched
2. loading of dll
3. It stops on access violation
4. then it searches for the jump to OEP and reconstructs ntdll.KiUserException
5. rebuild import symbols
6. dump and save file as unpacked.dll

Send all notes, problems and errors to the e-mail address mirz@o2.pl.
Don’t forget that the program may still have some errors :)

Some programs that were used for tests:

- xmplay (thx bart)
- Cruehead Crackme1
- hexedit Geoffrey Prewett
- Lit 1.21 Marek Szykuç¿…
- RegCleaner4.3 by Juoni Vuorio
- CloneCD 5.2.6.1
- Winamp 5.08d
- WinIso v5.3
- WinRar 3.4

Posted by REM at 12:56:41