|
|
#1
02-17-2005, 21:46
|
|||
|
|||
|
Unknown packer trouble
All my efforts to unpack this baby has failed.
PeID 0.93 says for file "FunnyCreatures.exe" : NeoLite vx.x There is no need to run installer. Unpack "fcreatures.exe" with Winrar (function "extract to" ) hxxp://astatix.advanta.org/download/fcreatures.exe (859 kb) When Ollydbg stoped at Exception C000001E (INVALID LOCK SEQUENCE) (i have everything ticked under Debugging options -> exceptions ) , i put memory bp on access , and i landed here: 0044B8F2 . 66:C1C2 03 ROL DX,3 ; HERE 0044B8F6 . 53 PUSH EBX ; FunnyCre.00502183 0044B8F7 . 68 59529514 PUSH 14955259 0044B8FC . 5B POP EBX ; FunnyCre.00500401 0044B8FD . 81C3 E23D611A ADD EBX,1A613DE2 0044B903 .- E9 75D00B00 JMP FunnyCre.0050897D 0044B908 . 2BCE SUB ECX,ESI ; FunnyCre.00511B18 Checking my Log , showed that there is a lot of INT3 exceptions . This unknown protector is checking for CC (bpx , bp) and hardware breakpoints . I downloaded Neolite v2 , which seems to be the newest version of this packer ( hxxp://nmgmt.cs.nchu.edu.tw/nmTool/NEOLTE20.EXE ) , but this one is piss easy to unpack. Last edited by hosiminh; 02-17-2005 at 21:48. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Unknown Packer | Beyond2000! | General Discussion | 15 | 06-30-2009 04:40 |
| An Unknown Packer ! | Newbie_Cracker | General Discussion | 10 | 10-11-2005 14:35 |
| Unknown Packer | deephousederek | General Discussion | 10 | 03-06-2005 10:04 |
Threaded Mode