Work in progress
08-13-2014, 10:46 (This post was last modified: 08-13-2014 11:47 by don.)

+ Molebox VS v4.5462
---------------------------------------------------
Finding OEP: CTRL+F "JMP EAX", F2, F9, F8, CTRL+F "JMP EAX", F2, F9, F8
Fixing IAT: Not working due to damaged IAT (need to track down and patch)...
---------------------------------------------------
+ Orien 2.11
---------------------------------------------------
Finding OEP: Easy
Fixing IAT: Some imports are damaged. Can be resolved manually with ease (by patching target binary) but no generic solution (e.g. magic jump) found yet
---------------------------------------------------
+ PELock 1.0694
---------------------------------------------------
No research done yet
---------------------------------------------------
ReCrypt 0.80
---------------------------------------------------
No research done yet
---------------------------------------------------
tElock 0.98
---------------------------------------------------
No research done yet
---------------------------------------------------
VPacker 0.02.10
---------------------------------------------------
Finding OEP: Step over first instruction, F7 to enter call. Search for binary (CTRL+B) "60 50 CC" (PUSHAD, PUSH EAX, INT3) and BP (F2) on first instruction. F9 and once it halts F8 3 times. Exception gets raised (in ntdll). Now CTRL+F "CALL ECX" and BP on this call (F2). F9 and after it halted F8 (Step over). OEP reached. (CTRL+A for analysis)
Fixing IAT: No research done yet, manual fix required tho
---------------------------------------------------