Exetools  

Old 11-26-2011, 15:43
PhreakAccident
 
It does look like a form of WinLicense. I used the demo of the latest one to protect the RegisterMe.exe file from Lena's tutorial. While the first part of the code at EP is different, the decrypt is identical.

Code:
005EB05C     85C9           TEST ECX,ECX
005EB05E     74 0A          JE SHORT Register.005EB06A
005EB060     3106           XOR DWORD PTR DS:[ESI],EAX
005EB062     011E           ADD DWORD PTR DS:[ESI],EBX
005EB064     83C6 04        ADD ESI,4
005EB067     49             DEC ECX
005EB068   ^ EB F2          JMP SHORT Register.005EB05C
The decrypt routine starts at 005EB05C and the decrypted code sits starting at 0051A000. The routine is spot on. Now I just have to work on the manual unpack. Much thanks for the lead!
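
A Python model of the decode loop in the listing above, added here as an illustration and not part of the original post. The post does not give the EAX, EBX or ECX values, so the keys, the dword count and the sample bytes below are constructed, and the inverse helper exists only to build that sample.

```python
import struct

MASK32 = 0xFFFFFFFF  # the loop works on 32-bit registers, so ADD wraps


def _transform(data: bytes, count: int, fn) -> bytes:
    """Apply fn to the first `count` little-endian dwords, as ESI += 4 / ECX -= 1 does."""
    if count < 0 or count * 4 > len(data):
        raise ValueError("dword count runs past the end of the buffer")
    out = bytearray(data)
    for off in range(0, count * 4, 4):
        (dword,) = struct.unpack_from("<I", out, off)
        struct.pack_into("<I", out, off, fn(dword) & MASK32)
    return bytes(out)


def decode_dwords(data: bytes, xor_key: int, add_key: int, count: int) -> bytes:
    """XOR [ESI],EAX then ADD [ESI],EBX for each dword; count == 0 is the TEST/JE exit."""
    return _transform(data, count, lambda d: (d ^ xor_key) + add_key)


def encode_dwords(data: bytes, xor_key: int, add_key: int, count: int) -> bytes:
    """Inverse of decode_dwords: subtract the add key first, then XOR."""
    return _transform(data, count, lambda d: ((d - add_key) & MASK32) ^ xor_key)


# Constructed values (assumptions, not taken from the post).
XOR_KEY = 0xA5A5A5A5   # stands in for EAX
ADD_KEY = 0xFFFFFFF0   # stands in for EBX; large enough to force wraparound
SAMPLE_PLAIN = bytes.fromhex("558bec83ec109090") + b"TAIL"
SAMPLE_ENCODED = encode_dwords(SAMPLE_PLAIN, XOR_KEY, ADD_KEY, 2)

if __name__ == "__main__":
    decoded = decode_dwords(SAMPLE_ENCODED, XOR_KEY, ADD_KEY, 2)
    print("encoded:", SAMPLE_ENCODED.hex())
    print("decoded:", decoded.hex())
    print("bytes past the count are untouched:", decoded[8:])
```

Because the two keys stay constant for the whole loop, the same function can be run over a dumped section once the register values are read from a debugger at the loop entry.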