|
|
|
|
#1
09-28-2007, 15:25
|
|||
|
|||
|
hm
In the brief minute that I looked at this app I see two things. First is I patched a few random bytes on the original file and it did not crash. The fact I was even able to patch any bytes tells me it is not packed. Also I just loaded it in ida, and with the exception of some weird segment names and some ida msg, the file looks comphrensible and not packed. Why do you think it is upx? Although I could be wrong, I would suggest delete your unpack version, make a copy of the original app and just dissamble it in ida and have fun should run fine and be patchable. To answer your original question, just about any algo can be a crc algo. The most likely algos to be a crc are usually hash algos. And when you do encounter these, they are easy to spot as they either read from disk or read from memory the pe file, so just break on approriate apis, readfile, readmem etc. I dont think you have to do anything here but install the app and then patch the registration check.
|
|
#2
09-28-2007, 19:14
|
|||
|
|||
|
Thankz alot for your reply Sabor ..and when I analyzed that app with PEID it said it is UPX also when manual unpacking did not work for me, I could unpack it with upx v 3.1 with parameter -d and I successfully did but still not working... please take a look to attached picture.
|
|
#3
09-28-2007, 19:28
|
||||
|
||||
|
PEiD is actually saying that it is UPolyX which is PEiD's way of saying it has no idea if it is packed or not. The section names have been renamed to UPX to fool you. Doesn't sound like it is packed at all.
PETools is more reliable than PEiD and PE Explorer is very good at identifying and unpacking UPX if it is present. Git
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Segmented File Hashing Utility | HarrySpoofer | Source Code | 5 | 10-11-2023 23:16 |
| Hashing Utility v1.0 | chessgod101 | Community Tools | 16 | 11-07-2021 11:58 |
Hybrid Mode
