Issue on Unpack
Testcase4 opened this issue · 6 comments
Hi,
I found one issue in PackRoutines-Stub.cpp: retrieveKey. This function is not giving the correct output (retrievedSig).
Could you please provide an explanation for this?
I am trying to understand how packers work.
Hi Testcase4
Thank you for your issue
What command line arguments did you use for packing?
What's the encryption key size and complexity?
Can you please share the command line input and the output you get from unpacking? Or does it just terminate the program without any output?!
Command Line Arguments
- Payload location: E:\Assignment\Evader-master\Evader-master\PackerBuild\bin\Win32\Debug\payload (sample.exe - open notepad.exe)
- Resultant output: E:\Assignment\Evader-master\Evader-master\PackerBuild\bin\Win32\Debug\output.exe
- Build Unpack stub and added: E:\Assignment\Evader-master\Evader-master\Packer\UnpackStub.exe
Command Line Argument:
E:\Assignment\Evader-master\Evader-master\PackerBuild\bin\Win32\Debug\payload E:\Assignment\Evader-master\Evader-master\PackerBuild\bin\Win32\Debug\output.exe 1 65 90
Encryption Key Size is 1
Choose payload execution method: 0
I have also shared email with you. Kindly check and let me know.
Execution method 0 is for RUN-PE.
This technique (RUN-PE) is not working for 64-bit processes at this time; I should fix it in the future.
If your payload is 64-bit, that's the reason :)
Hi Koorosh.
Payload is 32-bit (x86). I am compiling everything in x86 release mode. One small change I added in RUNPE.cpp:
char CurrentFilePath[1024]= "C:\Windows\System32\notepad.exe" ;
I got the below error:
"The application was unable to start correctly ( 0xc0000142).
Click Ok to close this application."
This error happens randomly; I should check that out.
But if it always happens, maybe there is a problem with the payload.
Please send the changes you've made in RunPE.cpp to my email.
Hi Koorosh,
Please check your mailbox.