Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page ASProtect or UPX?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-13-2006, 15:28
deroko's Avatar
deroko deroko is offline
cr4zyserb
  
Join Date: Nov 2005
Posts: 217
Rept. Given: 13
Rept. Rcvd 30 Times in 14 Posts
Thanks Given: 7
Thanks Rcvd at 33 Times in 16 Posts
deroko Reputation: 30
Section .adata is common for asprotect and aspack, and because you have push/call/retn/retn at ep, it seems like asprotect. But be carful it might be fake signature
__________________
http://accessroot.com
Reply With Quote
  #2  
Old 12-14-2006, 11:02
b0yb4w4n9
 
Posts: n/a
Check the section characteristics.

For UPX, there are either 2 to 3 sections found. The third section is the resource section. The first section characteristic has a flag 0xE0000080, the second flag 0xE0000040. The resource section characteristic 0xC0000040.

For Asprotect/Aspack, all the sections have the characteristic 0xE0000040. There are 3 to 5 sections found. Default compression with Asprotect, the first two sections usually have blank names.

In addition to deroko's reply, there are 5 sections where the first two sections have blank names. It is indeed packed by Asprotect.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with ASProtect 1.23 RC4 Perdition General Discussion 7 06-09-2004 01:48
New Asprotect?? loman General Discussion 7 02-04-2004 20:34


All times are GMT +8. The time now is 22:10.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )