Flag: Tornado! Hurricane!


Packer Name Packer Author Classification Analysis By Last Updated
UPX Markus & Laszlo Compressor quig July 17 2005
Allocation Anti-Debug Anti-Disassembly Section Name Sample
PE Header (UPX 0) no no UPX0, UPX1 N/A
Notes
IAT built at runtime Dlls loaded by loader one api entry per dll left

Transfer Command
61               POPAD
E9 [4Bytes]      JMP [offset]
Entry Point Signature
60                PUSHAD
BE   [4 Bytes]    MOV ESI[Value]
8DBE [4 bytes]    LEA EDI, DWORD PTR DS:[ESI+Value]
57                PUSH EDI
83CD FF           OR EBP, FFFFFFFF
EB 10             JMP SHORT [Relative Jump]
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
Known Unpackers
http://www.mycgiserver.com/~bratalarm/  - Good generic unpacker

------------------------------------------------------
//OllyScript Oep finder by shag
// The amazing UPX OEP finder v2
// This script will quickly put you at the OEP of an UPX-packed EXE.
// Just run it!
// Implemented using hardware breakpoints (just for fun).

eob Break 
findop eip, #61#
bphws $RESULT, "x"
run

Break:
sto 
sto
bphwc $RESULT
ret

There are 30,779 total registered users.


Recently Created Topics
Intel pin in loaded ...
Jun/27
Going to do today wi...
Jun/27
how to create delphi...
Jun/27
enabling menu in a s...
Jun/18
How to get the Image...
Jun/17
OllyDBG Process Term...
Apr/28
Reversing opcode
Apr/24
Question about debbu...
Apr/16
IDA PRO Struct Point...
Apr/15
Problem with ollydbg
Mar/22


Recent Forum Posts
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack
looking for a softwa...
raxen
Documenting reversed...
raxen
.orpc section what's...
mbin
Pydbg load() issue
phreak


Recent Blog Entries
oleavr
Jun/25
Build a debugger in 5 minutes

oleavr
Apr/17
frida.re 1.2.0 is out, with...

gareebnavas
Jan/21
Android Malware Analysis

oleavr
Dec/21
frida.github.io: scriptable...

chr1x
Nov/05
!apilookup - Win32 API Func...

More ...


Recent Blog Comments
pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

newlulu on:
Jun/10
Branch tracing and LBR acce...

newlulu on:
Jun/10
Advanced debugging techniques

newlulu on:
Jun/10
2 anti-trace mechanisms spe...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit