Fravia's TOOLS OF OUR TRADE Messageboard ~ Moderated
Re: New exe-packer - help needed
Friday, 15-Jan-99 07:50:27
Hi,
Maybe there are some ADT and/or anti-dump tricks. My humble suggestion is to analyse the loader and then try to build a procdump script. In some cases this approach works for me, but there are some cases that procdump can handle.
Can u post the URL for this packer? I'm really interested in it 'cos I'm trying to learn more about this fascinating world of PE packers/crypters.
And now a question for the procdump gurus:
I've downloaded the latest version (1.04) of NeoLite. With this version the built-in procdump script doesn't work, so I've coded a new one.
It seems to work flawlessly, but with some packed exes the unpacked version doesn't work.
What have I missed?
This is the script:
[NeoLite 1.04]
L1=LOOK E8,EB,04
L2=BP
L3=WALK
L4=OBJR
L5=LOOK FF,55,22,89
L6=BP
L7=WALK
L8=LOOK E8,59,FA
L9=BP
LA=WALK
LB=OBJR
LC=LOOK C3
LD=BP
LE=WALK
LF=EIP
L10=ADD 5A
L11=BP
L12=MOVE 2F
L13=WALK
L14=ADD 54C
L15=BP
L16=WALK
L17=EIP
L18=ADD 7
L19=BP
L1A=WALK
L1B=EIP
L1C=STEP
Tnx in advance,
kill3xx