Flag: Tornado! Hurricane!


Packer Name Packer Author Classification Analysis By Last Updated
UPX Markus & Laszlo Compressor quig July 17 2005
Allocation Anti-Debug Anti-Disassembly Section Name Sample
PE Header (UPX 0) no no UPX0, UPX1 N/A
Notes
IAT built at runtime Dlls loaded by loader one api entry per dll left

Transfer Command
61               POPAD
E9 [4Bytes]      JMP [offset]
Entry Point Signature
60                PUSHAD
BE   [4 Bytes]    MOV ESI[Value]
8DBE [4 bytes]    LEA EDI, DWORD PTR DS:[ESI+Value]
57                PUSH EDI
83CD FF           OR EBP, FFFFFFFF
EB 10             JMP SHORT [Relative Jump]
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
Known Unpackers
http://www.mycgiserver.com/~bratalarm/  - Good generic unpacker

------------------------------------------------------
//OllyScript Oep finder by shag
// The amazing UPX OEP finder v2
// This script will quickly put you at the OEP of an UPX-packed EXE.
// Just run it!
// Implemented using hardware breakpoints (just for fun).

eob Break 
findop eip, #61#
bphws $RESULT, "x"
run

Break:
sto 
sto
bphwc $RESULT
ret

There are 31,103 total registered users.


Recently Created Topics
How to view IDA Pro'...
Nov/02
reverse MC9S12DG128
Oct/07
Looking for an advan...
Mar/21
Ultimate Hacking Cha...
Jun/21
CreateMutex
May/31
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15


Recent Forum Posts
Looking for an advan...
tthtlc
Looking for an advan...
tthtlc
Looking for an advan...
clightning
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo


Recent Blog Entries
nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit