UPX unpacking tutorial (super detailed analysis)
  Added: 03/14/2011   Published: 03/14/2011

Pack notepad.exe with UPX, then take a quick look at its section table with Stud_PE.

No.  Name   VSize     VOffset   RSize     ROffset   Charact.
01   UPX0   0000F000  00001000  00000000  00000400  E0000080
02   UPX1   00005000  00010000  00004600  00000400  E0000040
03   .rsrc  00008000  00015000  00007200  00004A00  C0000040

It seems the resources were not packed.

 

After loading the file in OllyDbg (OD), we see the following:

01014241 .  BE 00000101      MOV ESI, NOTEPAD.01010000            ; ESI = section UPX1
01014246 .  8DBE 0010FFFF    LEA EDI, DWORD PTR DS:[ESI+FFFF1000]  ; EDI = section UPX0
0101424C .  57               PUSH EDI
0101424D .  83CD FF          OR EBP, FFFFFFFF
01014250 .  EB 10            JMP SHORT NOTEPAD.01014262

ESI and EDI now hold the start addresses of sections UPX1 and UPX0 respectively.

In the section table above, UPX0 has an RSize of 0, so it is presumably the space reserved for the unpacked data, and UPX1 should hold the packed program code.

 

Continuing further down:

01014258 > /8A06            MOV AL, BYTE PTR DS:[ESI]
0101425A . |46              INC ESI
0101425B . |8807            MOV BYTE PTR DS:[EDI], AL
0101425D . |47              INC EDI
0101425E > |01DB            ADD EBX, EBX
01014260 . |75 07           JNZ SHORT NOTEPAD.01014269   ; move the data of section UPX1 into section UPX0 step by step
01014262 > |8B1E            MOV EBX, DWORD PTR DS:[ESI]
01014264 . |83EE FC         SUB ESI, -4
01014267 . |11DB            ADC EBX, EBX
01014269 >^\72 ED           JB SHORT NOTEPAD.01014258
0101426B .  B8 01000000     MOV EAX, 1
01014270 >  01DB            ADD EBX, EBX
01014272 .  75 07           JNZ SHORT NOTEPAD.0101427B
01014274 .  8B1E            MOV EBX, DWORD PTR DS:[ESI]
01014276 .  83EE FC         SUB ESI, -4
01014279 .  11DB            ADC EBX, EBX

...

0101431A > /8A07            MOV AL, BYTE PTR DS:[EDI]
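To make the loop concrete, here is an added C model of the bit-reader and the literal-copy loop in the listing above (example code written for this page, not from the original article and not UPX's own source). The function names and the constructed packed streams are assumptions; the constants mirror the instructions at the addresses named in the comments.

```c
#include <stdint.h>
#include <string.h>

/* ESI (read pointer into the packed UPX1 data) and EBX (32-bit bit buffer). */
typedef struct { const uint8_t *src; uint32_t bb; } bitreader;

/* 01014246: LEA EDI,[ESI+FFFF1000] puts UPX0 = UPX1 - 0xF000 in EDI (32-bit wrap). */
static uint32_t upx0_from_upx1(uint32_t esi) { return esi + 0xFFFF1000u; }
/* 0101425E-01014267 and 01014270-01014279: ADD EBX,EBX shifts the buffer left and the
 * carry out is the next bit (MSB first). When only the sentinel 1 was left the result is
 * zero (JNZ not taken): MOV EBX,[ESI] fetches a fresh dword, SUB ESI,-4 advances ESI and
 * sets CF=1 (ESI < 0xFFFFFFFC), and ADC EBX,EBX shifts that 1 in as the new sentinel
 * while its own carry out becomes the returned bit. */
static int getbit(bitreader *r) {
    uint32_t bit = r->bb >> 31;
    r->bb <<= 1;
    if (r->bb == 0) {
        const uint8_t *p = r->src;      /* little-endian dword, as the x86 load reads it */
        uint32_t w = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        r->src += 4;
        bit = w >> 31;
        r->bb = (w << 1) | 1u;
    }
    return (int)bit;
}
/* 01014258-01014269: while the next bit is 1, move one byte from UPX1 (ESI) to UPX0 (EDI);
 * a 0 bit falls through to MOV EAX,1 at 0101426B (match decoding, not in the listing).
 * The entry JMP lands on the reload, so bb starts at 0 and a bit is read before any copy.
 * Returns the number of literal bytes copied. */
static size_t copy_literals(const uint8_t *packed, uint8_t *dst) {
    bitreader r = { packed, 0 };
    size_t n = 0;
    while (getbit(&r)) dst[n++] = *r.src++;
    return n;
}

/* Counts the 1 bits among the first n bits: each dword yields exactly 32 payload bits. */
static int count_ones(const uint8_t *packed, int n) {
    bitreader r = { packed, 0 };
    int ones = 0;
    while (n-- > 0) ones += getbit(&r);
    return ones;
}

/* Constructed samples: bits 1,1,1,0 (dword 0xE0000000, little-endian) followed by the
 * literals 'U','P','X'; and a dword of all 1 bits followed by a dword of all 0 bits. */
static const uint8_t sample_packed[] = { 0x00, 0x00, 0x00, 0xE0, 'U', 'P', 'X' };
static const uint8_t ones_then_zero[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 };
static uint8_t demo_out[8];
```

Calling copy_literals(sample_packed, demo_out) writes "UPX" into demo_out, just as the stub would write the first literals into UPX0; count_ones(ones_then_zero, 33) shows that the 33rd bit comes from the second dword, not from the sentinel.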

