Working status on v 1.8.x

The PE packer place.

Moderator: CGSoftLabs

CGSoftLabs
Registered User
Posts: 118
Joined: Thu Feb 10, 2005 12:00 am

Post by CGSoftLabs »

Well, last night the first 64-bit .exe (I did my tests on cpuz64.exe, if someone is interested in this :) was packed by eXPressor; I'm working at the moment on adding support for the PE+ file format; first it will be added to the light/full stubs and to eXPressor's packing core; the protection will have to wait.

The MS x64 compiler/linker has dropped support for inline assembler; this is a real pain in the ass since my stubs are a total mix of C++ & inline asm; they need to be rewritten almost totally.
Also I have to deal with a new CPU architecture, opcodes, calling conventions, SEH etc., and since I'm not a fan of asm this will make it even harder.

I've also worked on x32 protection stubs; something nice, experimental, a kind of polymorphism for the protection stubs; each of the stub's real instructions is disassembled, changed, surrounded by trash and linked up/down in mem with the next instruction; but it will have to wait for the release; I'm still thinking whether to release it or not due to the malware world, which will enjoy such a tool.

Post by CGSoftLabs »

I'm working on a 32-bit Advanced Protection Engine which will use, among other things, a VM implementation;

for a given function, the engine should perform:
1. disassembling and building of a linked list of instructions;
Then perform per instruction (a kind of plug-ins for the engine):
-2. per-instruction expander (metamorphism; replace 1 instr with others: one or more similar);
-3. random virtualization of a set of handled instructions (this requires a VM);
-4. obfuscation; insertion of junk (ie ebo1xx) instructions which will make analyzing the disassembled code harder;
-5. anti-cracking; small blocks inserted on the fly between instructions; anti-tracing, SEH etc.;
7. rebuild the code; link instructions in another order; use jmps between them; link virtualized instructions with the VM;

the engine should accept customization of how much obfuscation, virtualization, metamorphism to apply;

this engine will help protect:
- almost every function in the protection stub;
- EP;
- code inside target;
...making disassembling a pain, mostly to myself :lol: