| AntiDeb |
unknown |
Crypter |
quig |
July 1 2005 |
 |
| peheader |
yes |
no |
.text and blank |
n/a
|
|
Last Update: now
small packer ~300bytes, ep just before import table, jmps over import data to rest of code, uses isDebuggerPresent twice, more or less straight line function, with one seh call , mucks with peb so cant dump with lordpe, use ollydmp
|
|
push oep ;@ far bottom of code of main function
ret ; has to self decrypt first..
|
|
|
0040C000 > EB 58 JMP SHORT 0040C05A
0040C002 87DB XCHG EBX,EBX
0040C004 39C0 CMP EAX,EAX
0040C006 0000 ADD BYTE PTR DS:[EAX],AL
0040C008 0000 ADD BYTE PTR DS:[EAX],AL
0040C00A 0000 ADD BYTE PTR DS:[EAX],AL
0040C00C 0000 ADD BYTE PTR DS:[EAX],AL
0040C00E 0000 ADD BYTE PTR DS:[EAX],AL
0040C010 2C C0 SUB AL,0C0 |
|
|
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}