Flag: Tornado! Hurricane!


Packer Name Packer Author Classification Analysis By Last Updated
UPX Markus & Laszlo Compressor quig July 17 2005
Allocation Anti-Debug Anti-Disassembly Section Name Sample
PE Header (UPX 0) no no UPX0, UPX1 N/A
Notes
IAT built at runtime Dlls loaded by loader one api entry per dll left

Transfer Command
61               POPAD
E9 [4Bytes]      JMP [offset]
Entry Point Signature
60                PUSHAD
BE   [4 Bytes]    MOV ESI[Value]
8DBE [4 bytes]    LEA EDI, DWORD PTR DS:[ESI+Value]
57                PUSH EDI
83CD FF           OR EBP, FFFFFFFF
EB 10             JMP SHORT [Relative Jump]
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
90                NOP
Known Unpackers
http://www.mycgiserver.com/~bratalarm/  - Good generic unpacker

------------------------------------------------------
//OllyScript Oep finder by shag
// The amazing UPX OEP finder v2
// This script will quickly put you at the OEP of an UPX-packed EXE.
// Just run it!
// Implemented using hardware breakpoints (just for fun).

eob Break 
findop eip, #61#
bphws $RESULT, "x"
run

Break:
sto 
sto
bphwc $RESULT
ret

There are 30,964 total registered users.


Recently Created Topics
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Immunity Debugger Re...
Aug/03
Question about memor...
Dec/12
How can i find conne...
Nov/27


Recent Forum Posts
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack


Recent Blog Entries
nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit