[Download] QUnpackDll version 1.2
Posted: 2006-3-10 21:44 3388

QUnpackDll version 1.2

Introduction:
-------------
Well,
this fine release is a DLL version of the already released QUnpack program, from FEUERRADER of AHTeam.
What I did was to transform it into a DLL and to improve the whole code.
The main purpose of such a DLL is to create complex patchers that would unpack on the fly the programs on the target PC, then apply byte changes to crack the program. Of course it is much more useful where inline patching is not possible.
But not only that: you can also use this DLL as a base for any unpacker program you want to create.

I included a basic client just to give a try on the fly.

What it does:
-------------
The DLL works almost as the original QUnpack program. Essentially what is done is:

- set some hardware breakpoints in the debugged process
- find the OEP, using some custom method (if the target program is packed by FSG 1.33,
  ASPack 2.12 or UPX 1.2x, the OEP is found using its own technology) or the code of the
  GenOEP.dll (included inside, so no need of external DLLs)
- dump the process to a previously allocated buffer
- rebuild the dump and realign it
- rebuild the import table (using some code taken from ImpRec)

How to use in your own program:
------------------------------
This is the prototype of the main function:

int __stdcall UnpackFile(char* InName, char* OutName, BOOL AutoOEP, DWORD realOEP, char **pLog_buff);

Here below instead is a code snippet showing how to use the DLL in your programs:

  // Needs <windows.h>, <stdio.h>, <stdlib.h> and the QUnpackDll header.
  char *infile_buff=NULL; // it's the buffer pointing to the file to be unpacked
  char *outfile_buff=NULL;  // it's the buffer pointing to the file where to store unpacked file.
  char *log_buff=NULL; // it's the buffer storing the log.
  BOOL autoOEP=TRUE;
  DWORD realOEP=0;

  //TODO: Init above buffers and values as you want..
  
  UnpackFile(infile_buff, outfile_buff, autoOEP, realOEP, &log_buff);
                       
  // Writes to a file the log_buff filled and allocated by the UnpackFile API!
  // Note that the main program has to wait until the threads launched by
  // UnpackFile() are terminated.
  // GetLog() returns a not NULL value only when the hard work is finished.
  // You might consider placing this loop into a separate thread of the main
  // application, just not to block the user interface too long.
  // NB. Remember to free the allocated buffer!

  while(GetLog(NULL)==NULL) Sleep(10); // yield the CPU instead of spinning
       
  FILE *fp=NULL;
  if(log_buff!=NULL) {
    if((fp=fopen(".\\Unpacking_log.txt","w"))!=NULL) {
      fputs(log_buff,fp); // write the log as data, never as the format string
      fclose(fp);
      fp=NULL;
    }
    free(log_buff); //really important, remember to free the buffer (even if fopen failed)!
    log_buff=NULL;
  }

Help function:
--------------
Whenever you choose to pass the OEP to the function directly, usually you might have to convert it from a string representation to a real HEX value (usually it's inserted from an edit box).
Just for reference, you might use this function that converts a hex value from its string representation:

//added to convert a hexadecimal string to a hex value
unsigned char HEX_2_INT_TABLE[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5,
            6, 7, 8, 9, 0, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, 14, 15, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};

int hexstr2int(char *hexstr) {
    register unsigned int length, i, value, shift;
    for (length = 0; length < 9; length++) if (!hexstr[length]) break;
    shift = (length - 1) * 4;
    for (i = value = 0; i < length; i++, shift -= 4) value += HEX_2_INT_TABLE[(unsigned int)hexstr[i] & 127] << shift;
    return value;
}

Belongs and Greetings:
----------------------
The DLL contains the code coming from some already existing DLLs. Those DLLs have been transformed into library files and directly linked to the Qunpack.dll to reduce external files dependency.
Those files are:
- NDump.dll and RebPE32.dll, which belong to NEOx [uinC]
- GenOEP.dll by snaker
- Force.dll by FEUERRADER

Thanks again to FEUERRADER and to AHTeam members..

Distribution:
-------------
You may redistribute the DLL as you want, but please remember to give credits to the guys I mentioned and to me also!
If you wish you can also include the present documentation and header files.

History:
--------

1.0 [+] initial release
1.1 [-] fixed a bug when realOEP is given
    [+] added some details in the log file
    [+] modified the little client
    [+] modified the readme and added some more explanations
1.2 [+] eliminated the need for any external dll, now it's a unique dll

---------------------------------------------------------------------------
Shub-Nigurrath [ARTeam]
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://cracking.accessroot.com
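
A stricter take on the string-to-value conversion for an OEP typed into an edit box, as an added example that is not part of the original post or of the DLL: the table lookup in `hexstr2int` maps every non-hex character to 0, whereas this version rejects malformed input and anything longer than 32 bits. The name `parse_hex32` is hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Strict hex-string parser (hypothetical helper, not shipped with the DLL).
 * Returns 0 and stores the value in *out on success; returns -1 on
 * NULL/empty input, a non-hex character, or more than 8 hex digits
 * (a 32-bit address cannot hold more). */
int parse_hex32(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    size_t digits = 0;

    if (s == NULL || out == NULL)
        return -1;

    /* Skip leading blanks, as typed text often carries them. */
    while (isspace((unsigned char)*s))
        s++;

    /* Accept an optional 0x / 0X prefix. */
    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X'))
        s += 2;

    for (; isxdigit((unsigned char)*s); s++) {
        unsigned char c = (unsigned char)*s;
        uint32_t nibble;

        if (++digits > 8)
            return -1;              /* would not fit in 32 bits */
        if (c >= '0' && c <= '9')
            nibble = (uint32_t)(c - '0');
        else
            nibble = (uint32_t)(tolower(c) - 'a') + 10u;
        value = (value << 4) | nibble;
    }

    /* Allow trailing blanks only; anything else is an error. */
    while (isspace((unsigned char)*s))
        s++;
    if (digits == 0 || *s != '\0')
        return -1;

    *out = value;
    return 0;
}
```

Checking the return value before passing the result on keeps a mistyped address from silently turning into a different, valid-looking one.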

Latest replies (8)

#2  2006-3-10 22:27
Thanks for sharing.

#3  2006-3-11 08:59
This doesn't seem very convenient to use.

#4  2006-3-11 22:55
Great stuff! Thanks!

#5  2006-3-11 23:16
Thanks to the original poster!!!

#6  2006-3-12 07:38
Absolute support.

#7  2006-5-6 02:18
Thanks to the original poster, this is just what I needed.

#8  2006-5-6 07:49
Hehe, I like this one.

#9  2006-5-8 16:01
What is this used for?