Packer Name: nPack v1.1
Packer Author: NEOx
Classification: Compressor
Analysis By: saphex
Last Updated: January 24 2008

Allocation: VirtualAlloc
Anti-Debug: no
Anti-Disassembly: no
Section Name: [configurable, default = .npack]
Sample: N/A

Notes
Nothing special, just a simple compressor.

Transfer Command
00000000 C7 05 ?? ?? ?? ?? 01 00 00 00   mov     ds:value, 1
0000000A 01 05 ?? ?? ?? ??               add     ds:value, eax
00000010 FF 35 ?? ?? ?? ??               push    ds:value
00000016 C3                              retn
Entry Point Signature
00000000 83 3D ?? ?? ?? ?? 00            cmp     ds:value, 0
00000007 75 05                           jnz     short 0000000E
00000009 E9 01 00 00 00                  jmp     0000000F
0000000E C3                              retn
0000000F E8 ?? ?? ?? ??                  call    value
00000014 E8 ?? ?? ?? ??                  call    value
Known Unpackers
A simple way to find the original entry point is to set a
breakpoint on the transfer command (ret instruction), since
the transfer command sits at the beginning of the packer stub.
When the breakpoint hits, single-step once and you will be at
the original entry point.
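
The two signatures above can be checked mechanically. The following is an added example, not part of the original database entry: a wildcard matcher that tests an entry point against the entry point signature and reports the file offset of each transfer command's retn. The function names, the sample buffer and its layout are assumptions made for illustration.

```python
import re

# Byte signatures copied from the listings above; "??" is a wildcard byte.
ENTRY_POINT_SIG = ("83 3D ?? ?? ?? ?? 00 75 05 E9 01 00 00 00 C3 "
                   "E8 ?? ?? ?? ?? E8 ?? ?? ?? ??")
TRANSFER_SIG = ("C7 05 ?? ?? ?? ?? 01 00 00 00 01 05 ?? ?? ?? ?? "
                "FF 35 ?? ?? ?? ?? C3")

def compile_sig(sig):
    """Compile a hex signature into a bytes regex; ?? matches any byte."""
    body = b"".join(b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                    for tok in sig.split())
    # The lookahead reports overlapping hits; DOTALL lets "." match 0x0A.
    return re.compile(b"(?=" + body + b")", re.DOTALL)

def find_sig(data, sig):
    """Return every offset in data at which the signature matches."""
    return [m.start() for m in compile_sig(sig).finditer(data)]

def scan_npack(data, ep_offset):
    """Check the entry point for the nPack v1.1 stub and locate the retn
    of each transfer command (the breakpoint location described above)."""
    ep_len = len(ENTRY_POINT_SIG.split())
    ep_hit = find_sig(data[ep_offset:ep_offset + ep_len], ENTRY_POINT_SIG) == [0]
    ret_delta = len(TRANSFER_SIG.split()) - 1   # retn is the last signature byte
    rets = [off + ret_delta for off in find_sig(data, TRANSFER_SIG)]
    return {"entry_point_match": ep_hit, "transfer_ret_offsets": rets}

def fill(sig, byte):
    """Build constructed test bytes by replacing each ?? with a fixed byte."""
    return bytes(byte if tok == "??" else int(tok, 16) for tok in sig.split())

# Constructed sample (not a real nPack binary): a transfer command, padding,
# then the entry point sequence. The layout and filler bytes are assumptions.
SAMPLE = fill(TRANSFER_SIG, 0x0A) + b"\x90" * 9 + fill(ENTRY_POINT_SIG, 0x40)
SAMPLE_EP = len(TRANSFER_SIG.split()) + 9

if __name__ == "__main__":
    print(scan_npack(SAMPLE, SAMPLE_EP))   # offsets are file offsets, not RVAs
    print(scan_npack(SAMPLE, 0))           # wrong entry point: no match
```

On a real file, `ep_offset` is the file offset of AddressOfEntryPoint, and the reported retn offsets must be converted to virtual addresses before they can be used as breakpoint locations.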
