Unpacking Stone’s Encrypter
While I was rummaging through my filestash for anything interesting, I spotted a few files that were packed with something known as Stone’s Encrypter. It doesn’t contain any anti-debug tricks, and based on the file count I had, it seems to be a bit unpopular. Anyway, here are the instructions on unpacking it.
Here’s a snapshot of the main function:
As you can see, the loop is simple and obvious, and there is a clear exit point at the bottom: the jmp eax instruction. Set a hardware breakpoint there, run to it, single-step once into it and you’re at the original entry point (OEP). Since the packer stub does nothing to hinder you, you can get a clean dump with almost any dumper.
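To find where that breakpoint goes without scrolling through the stub by hand, the following added example (not from the original post) parses a PE32 file and lists the addresses of FF E0 (jmp eax) byte pairs near the entry point. The sample image and its stub bytes are constructed for the demo and are not the real Stone’s Encrypter stub; a raw byte match is a heuristic, so confirm the hit in the disassembler before setting the breakpoint.

```python
import struct

def find_jmp_eax(pe: bytes, window: int = 0x200) -> list:
    """Return VAs of FF E0 (jmp eax) byte pairs within `window` bytes after the entry point."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24                                      # start of optional header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled")
    ep_rva, = struct.unpack_from("<I", pe, opt + 16)         # AddressOfEntryPoint
    image_base, = struct.unpack_from("<I", pe, opt + 28)     # ImageBase
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if not vaddr <= ep_rva < vaddr + max(vsize, rsize):
            continue                                         # entry point is elsewhere
        start = rptr + (ep_rva - vaddr)                      # file offset of entry point
        end = min(rptr + rsize, start + window, len(pe))
        hits, pos = [], pe.find(b"\xff\xe0", start, end)
        while pos != -1:
            hits.append(image_base + vaddr + (pos - rptr))   # file offset -> VA
            pos = pe.find(b"\xff\xe0", pos + 1, end)
        return hits
    raise ValueError("entry point is not inside any section")

def build_sample() -> bytes:
    """Constructed, non-runnable PE32 skeleton with an invented stub ending in jmp eax."""
    stub = bytes.fromhex("60be0020400080365546e2fa61b800204000ffe0")
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0, 0, 0,
                      0x1000, 0x1000, 0, 0x400000).ljust(0xE0, b"\0")
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    return (dos + coff + opt + sect).ljust(0x200, b"\0") + stub.ljust(0x200, b"\0")

if __name__ == "__main__":
    for va in find_jmp_eax(build_sample()):
        print(f"candidate hardware breakpoint: {va:#010x}")
```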