Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   EXECryptor (https://forum.exetools.com/showthread.php?t=5455)

omega_red 09-22-2004 00:47

EXECryptor
 
Has anyone messed with it? It claims to be able to metamorph any protected code (in addition to "normal" anti-whatever). However, I was unable to even run it (without any debugger), the downloadable installer crashed during setup ;)
strongbit.com/execryptor.asp

softworm 09-24-2004 21:05

Do you have any target or unpackme protected by Execryptor 2.0?
I tried it on my PC and always get a crashed result with the protected
program.

Unpacking the packer itself is too time-consuming and difficult for me. ;)
It uses a TLS callback function to get control before reaching the EP, so
you must set the breakpoint at the right time. :)

pll823 09-25-2004 00:15

I had posted an unpackme in kanxue studio, but no one could unpack it

try

http://bbs.pediy.com/showthread.php?s=&threadid=3707

this one is packed by the full version

softworm 09-25-2004 12:24

OK, I'll try, I hope I'm lucky enough. :D

And the guy named moon seemed to
have got it?

softworm 09-28-2004 22:15

I can trace it only in my spare time and it might take
a long time for me. I'm not sure if I can do it. :D

At first I wished to unpack it rapidly with some
trick like a memory access breakpoint and failed. It
seemed that the whole entry code had
been moved into the packer.

My target now is to find out how control
is given to the original program, and I have not paid
attention to the IAT yet.

I am ignoring TLS callback function 0 for now. I'm tracing
function 1 but am not finished. It's not difficult to
write a script to pass through function 0 and function 1
and stop at the packer's EP; it runs happily under
OllyDbg, so the problem is patience and time. :p
And it has no junk code at all, good news.

I'll be on holiday soon. But I won't give up. :)

regards.

softworm 10-21-2004 19:39

1 Attachment(s)
Got it. ;)

Jay 10-22-2004 02:56

the "Got it." priceless
 
execryptor is b**** congratz.

MaRKuS-DJM 10-22-2004 04:25

you are right, it's useless without a description.
how to get the OEP of the unpackme from the other poster:
load the program into Olly.
Olly will stop at an exception. set a memory breakpoint on the code section. skip all exceptions with SHIFT+F9. the fourth stop is the OEP of the above poster's unpackme.

softworm 10-22-2004 13:33

I have not cleaned up my notes.

I wrote 2 Olly scripts to get it:

1. Disassemble the unpackme and get the address of TLS callback function 1
from IDA; the target address of the mov opcode is where I
dump it. If you want to find the stolen code, just keep on
tracing.

At this point, both of the callbacks were "closed" somewhere; the important
function was replaced with only a ret, so if the protected baby is a
multi-threaded program, the code that decrypts and loads the APIs won't
be executed repeatedly.

In my post, I zero the entries in the TLS directory; nothing important there now.

2. Despite the many branches in the hooked APIs, you can execute them
safely. Just stop at the packer EP, write a script to call each entry
in the IAT (except 0 and good entries), and bpx at the correct position so it
will loop and never jmp into the real API. Use the script to fix the IAT. Be
careful to keep the stack balanced (if not, it doesn't matter ;-).


I unpacked execryptor itself, but when I run it, it crashes! So I'll
continue with it. I don't have enough time, so maybe I can't finish it
soon. For now I just hope to unpack it, not crack it; I won't bother
to fight the algorithm. Maybe patching it is OK. :)

Regards.
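The two softworm posts above turn on the same detail: EXECryptor gets control through the PE's TLS callback table before the entry point is ever reached, and once the callbacks have done their work the TLS entries can be zeroed in the dump. The following Python is an added example, not softworm's OllyScript and not anything shipped with EXECryptor. It walks a PE file statically (DOS header, NT headers, data directory index 9, section table) to list the TLS callback VAs and to produce a copy with the callback pointers zeroed, which is the file-level equivalent of what the post describes doing in the debugger. The image it operates on is a constructed minimal PE32 built inline (the function `build_sample_pe` and every address in it are assumptions for the demo, not values from the unpackme in the thread); the parser also understands PE32+ layouts.

```python
import struct

IMAGE_DIRECTORY_ENTRY_TLS = 9  # index of the TLS entry in the data directory


def build_sample_pe():
    """Constructed sample (not a real unpackme): a minimal PE32 image with one
    section that holds a TLS directory whose callback table names two callbacks."""
    image_base, sec_rva, sec_raw, sec_size = 0x400000, 0x1000, 0x200, 0x200
    dos = bytearray(0x40)                      # DOS header: 'MZ' + e_lfanew
    dos[:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x40)
    # COFF header: i386, 1 section, 224-byte PE32 optional header, EXECUTABLE|32BIT
    coff = struct.pack('<HHIIIHH', 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into('<H', opt, 0, 0x10B)      # Magic: PE32
    struct.pack_into('<I', opt, 16, sec_rva)   # AddressOfEntryPoint
    struct.pack_into('<I', opt, 28, image_base)
    struct.pack_into('<I', opt, 32, 0x1000)    # SectionAlignment
    struct.pack_into('<I', opt, 36, 0x200)     # FileAlignment
    struct.pack_into('<I', opt, 56, sec_rva + sec_size)  # SizeOfImage
    struct.pack_into('<I', opt, 60, 0x200)     # SizeOfHeaders
    struct.pack_into('<I', opt, 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into('<II', opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_TLS, sec_rva, 24)
    sect = struct.pack('<8sIIIIIIHHI', b'.text', sec_size, sec_rva, sec_size,
                       sec_raw, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b'PE\0\0' + coff + bytes(opt) + sect).ljust(sec_raw, b'\0')
    body = bytearray(sec_size)
    # IMAGE_TLS_DIRECTORY32 at RVA 0x1000; AddressOfCallBacks -> VA of table at RVA 0x1020
    struct.pack_into('<IIIIII', body, 0,
                     image_base + sec_rva + 0x40, image_base + sec_rva + 0x44,
                     image_base + sec_rva + 0x48, image_base + sec_rva + 0x20, 0, 0)
    # Callback table: two (assumed) callback VAs, then the 0 terminator
    struct.pack_into('<III', body, 0x20, image_base + 0x1100, image_base + 0x1180, 0)
    return headers + bytes(body)


def _pe_layout(data):
    """Return (image_base, pointer_size, sections, tls_rva, tls_size)."""
    if data[:2] != b'MZ':
        raise ValueError('not an MZ file')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('no PE signature')
    nsec = struct.unpack_from('<H', data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from('<H', data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from('<H', data, opt)[0]
    if magic == 0x10B:    # PE32: ImageBase at +28, data directory at +96
        image_base, dd_off, ptr = struct.unpack_from('<I', data, opt + 28)[0], opt + 96, 4
    elif magic == 0x20B:  # PE32+: ImageBase at +24 (8 bytes), data directory at +112
        image_base, dd_off, ptr = struct.unpack_from('<Q', data, opt + 24)[0], opt + 112, 8
    else:
        raise ValueError('unknown optional header magic 0x%x' % magic)
    sections = []
    for i in range(nsec):   # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, rawsize, raw = struct.unpack_from('<IIII', data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw, rawsize))
    tls_rva, tls_size = struct.unpack_from('<II', data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_TLS)
    return image_base, ptr, sections, tls_rva, tls_size


def rva_to_offset(sections, rva):
    for va, vsize, raw, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    raise ValueError('RVA 0x%x is not inside any section' % rva)


def _callback_slots(data):
    """File offsets of the non-zero entries of the TLS callback table."""
    image_base, ptr, sections, tls_rva, _ = _pe_layout(data)
    if tls_rva == 0:
        return None, []
    fmt = '<I' if ptr == 4 else '<Q'
    tls_off = rva_to_offset(sections, tls_rva)
    cb_va = struct.unpack_from(fmt, data, tls_off + 3 * ptr)[0]  # AddressOfCallBacks
    off = rva_to_offset(sections, cb_va - image_base)
    slots = []
    while struct.unpack_from(fmt, data, off)[0] != 0:       # table is 0-terminated
        slots.append(off)
        off += ptr
    return fmt, slots


def tls_callbacks(data):
    """VAs the loader would call before the EP (what softworm's callback 0/1 are)."""
    fmt, slots = _callback_slots(data)
    return [struct.unpack_from(fmt, data, o)[0] for o in slots]


def zero_tls_callbacks(data):
    """Copy of the file with every callback pointer zeroed; the loader then finds
    an empty table and goes straight to the entry point."""
    fmt, slots = _callback_slots(data)
    out = bytearray(data)
    for o in slots:
        struct.pack_into(fmt, out, o, 0)
    return bytes(out)


if __name__ == '__main__':
    sample = build_sample_pe()
    print('callbacks:', [hex(v) for v in tls_callbacks(sample)])
    print('after zeroing:', tls_callbacks(zero_tls_callbacks(sample)))
```

To use it on a real dump, replace `build_sample_pe()` with the bytes of the dumped file and set a breakpoint on each VA that `tls_callbacks` reports before the debugger reaches the EP; zeroing the table is only safe after the callbacks' decryption work is already reflected in the dump, which is the order softworm describes.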

memo-5 10-15-2005 22:27

Hi all
I have tested ExeCrypt 2.26 on MS Notepad and the result was very bad.
I need to use only the code morphing feature on the code segments, so I disabled all the features except the Antidebug checkbox and raised the code visualization percent to 100%. No compression, no antitrack, no entry point protection...
The only changes that I found are just two long jumps to the original entry point.
Is that possible or not?
Anyone with similar experience who can help?
I need a tool that can generate confusing code with junk code from the original code segments. Anyone have an idea?
Thanks

memo-5 11-01-2005 18:40

I found that you have to add some marks around the critical blocks of your code, then re-compile your application before using Execrypt to get your code "morphined".

TmC 11-01-2005 23:42

Quote:

Originally Posted by memo-5
I found that you have to add some marks around the critical blocks of your code the re-compile your application before using Execrypt to get your code "morphined".

Hum... I think you mean morphed... Morphine is another PE packer that does not have anything to do with EXECryptor.

NeOXOeN 11-02-2005 08:34

guys, check on crackmes.de... you will find solutions there. It's not perfect, but it will help you on the way to defeating it...


bye

