Flag: Tornado!
Hurricane!
|
|
nPack v1.1 |
NEOx |
Compressor |
saphex |
January 24 2008 |
|
VirtualAlloc |
no |
no |
[configurable, default = .npack] |
N/A
|
|
Nothing special, just a simple compressor.
|
00000000 C7 05 ?? ?? ?? ?? 01 00 00 00 mov ds:value, 1
0000000A 01 05 ?? ?? ?? ?? add ds:value, eax
00000010 FF 35 ?? ?? ?? ?? push ds:value
00000015 C3 retn |
|
00000000 83 3D ?? ?? ?? ?? 00 cmp ds:value, 0
00000007 75 05 jnz short 0000000D
00000009 E9 01 00 00 00 jmp 0000000E
0000000D C3 retn
0000000E E8 ?? ?? ?? ?? call value
00000013 E8 ?? ?? ?? ?? call value |
|
A simple way to find the original entry point, is to add a
breakpoint in the transfer command (ret instruction), since
the transfer command is in the packer stub beginning. Just
single step it and you will be at the original entry point. |
|
|
|
There are 31,319 total registered users.
|
|