RE FORUM

[REVERSE ENGINEERING] => General Discussion => Topic started by: DARKER on December 27, 2008, 02:24:50 PM

Title: ST Ultra Pack 2 v0.6s
Post by: DARKER on December 27, 2008, 02:24:50 PM

Na potulkach netom som nasiel jeden protector slovenskej vyroby:

This utility is designed for software developers. It can Pack Application (or DLL) with some cool functions (AntiDebugger, AntiDumper, AntiTracer, CRCCheck, EncryptImport, Small OEP Obfuscation, ...). Application is based on Delphi & Assembler and Loader is 100% pure assembler (more about loader code si in author's complement).

Homepage:

Code: [Select]

http://www.ssoft.wz.cz/index2sk.html
Download:

Code: [Select]

http://rapidshare.com/files/176674410/STUP2.zip
Zdroj: exetools

Title: Re: ST Ultra Pack 2 v0.6s
Post by: xexe on December 27, 2008, 09:22:58 PM

super, diky

Title: Re: ST Ultra Pack 2 v0.6s
Post by: HypnotiX on December 28, 2008, 09:15:24 PM

A funguje to nekomu??

Title: Re: ST Ultra Pack 2 v0.6s
Post by: llAmElliK on December 28, 2008, 09:30:49 PM

Quote from: HypnotiX

A funguje to nekomu??

Co konkretne myslis?
Po chvilkach "rejpani" se v tom uz to spustit nejde a process zere jako prase. (nejde spustit ani unpackME ani samotny packer)
Po restartu PC bezi zase OK.
Zkousel jsem to unpacknout, ale z tohodle duvodu mne to po chvili prestalo bavit....:mad:

Title: Re: ST Ultra Pack 2 v0.6s
Post by: Master on December 29, 2008, 10:02:05 AM

Takze ocividne krasny anti trik :)

Title: Re: ST Ultra Pack 2 v0.6s
Post by: HypnotiX on December 29, 2008, 08:19:29 PM

Quote from: HypnotiX

A funguje to nekomu??

Zkousel jsem to spustit na 2 PC a pokaze to spadlo na stejnem miste. Pada to na miste kde se zjistuje adresa MessageBox.

Title: Re: ST Ultra Pack 2 v0.6s
Post by: pr0p4g4nd4 on January 07, 2009, 11:10:22 AM

Nic extra  :)
Mne to funguje. Antitriky som ani nezbadal lebo o vsetko sa postarali pluginy(olly advanced + poison + phantom). Na OEP sa dostaneme cez PUSH/RETN - da sa lahko najst v pribehu par sekund. OEP je zmanglovany ze skoci na allokovanu cast pamati, kde sa nachadza povodny EP ale poriadne obfuskovany.

Cize, jedine co je tam take ze "lepsie" je obfuscation, aj ked si myslim ze autor pouziva nejaky engine z nejakeho viru(asi). A blbe je ze ten obfuscator zmenil delphi EP, kt ma defakt par desiatok bytov na niekolko tisic bytov(viacmenej :D). Takze je v tom bordel jako svina. Povodne cally na EP delsphi sa daju pekne obnovit(+ treba vyNOPovat vzdy dva push-y z kt sa vypocitava realny adresa callu). A este treba obnovit importy - chcel som to spravit rucne ale zistil som ze tych importov(BTW: na kazdy jeden import je alokovanych 1000h bytov alokovanej pamati - tomu sa povies mrhanie s pamatou) je ta strasne vela, tak to nema zmysel rucne to robit(trebalo by na to nejaky script ale scrity nevim robit  :p ). A to by malo byt hotovo - teda aspom dufam, ze by to fungovalo aj s obfuskovanym OEP.