
PE Fake Aspack

Noctambulaar

; #########################################################################

.586
.model flat, stdcall
option casemap :none ; case sensitive

; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comdlg32.lib

; #########################################################################
; -------------------------------------------------------------------------
; Demonstration program: an ordinary, unpacked Win32 executable whose entry
; point begins with the byte pattern PEiD associates with ASPack 2.12.
; Target: 32-bit x86, flat model, stdcall (see the directives above).
; -------------------------------------------------------------------------
.data
msgTitle    db "Scan status:", 0
msgText     db "Fake signature ;)", 0

.code

start:

; PEiD names a packer or protector by comparing the bytes at the entry
; point (OEP) with the patterns stored in PeID.exe or userdb.txt. It reports
; whichever pattern matches, so bytes placed at the OEP decide the verdict
; even when, as here, nothing in the file is packed.
;
; Analyst's note: an OEP-signature hit is therefore a hint, not proof.
; Corroborate it with section names and sizes, entropy and the import
; table before treating a sample as packed by the named tool.
;
; The 33 bytes below reproduce the ASPack 2.12 entry pattern. They are
; executed, not skipped; decoded along the path the CPU takes:
;   60                  PUSHAD
;   E8 03 00 00 00      CALL over the three bytes E9 EB 04
;   5D 45 55 C3         POP EBP / INC EBP / PUSH EBP / RET  -> lands on EB 04
;   EB 04               JMP SHORT over 5D 45 55 C3
;   E8 01 00 00 00      CALL over the single byte EB
;   5D                  POP EBP
;   BB ED FF FF FF      MOV EBX, 0FFFFFFEDh
;   03 DD               ADD EBX, EBP
;   81 EB 00 40 00 00   SUB EBX, 4000h
; Every return address pushed by a CALL is popped again, so the only stack
; change still outstanding afterwards is PUSHAD's 32 bytes.

db 060h,0E8h,003h,000h,000h,000h,0E9h,0EBh,004h,05Dh,045h,055h,0C3h,0E8h,001h,000h,000h,000h
db 0EBh,05Dh,0BBh,0EDh,0FFh,0FFh,0FFh,003h,0DDh,081h,0EBh,000h,040h,000h,000h

; Balance the PUSHAD from the pattern: registers (including the EBX/EBP
; values the pattern changed) and ESP are back to their entry state.
        popad

; MessageBox(NULL, msgText, msgTitle, MB_ICONINFORMATION)   ; flag value 40h
        invoke  MessageBox, NULL, addr msgText, addr msgTitle, MB_ICONINFORMATION

; Terminate with exit code 0.
        invoke  ExitProcess, 0

end start
 
А так?

Код:
; #########################################################################

      .586
      .model flat, stdcall
      option casemap :none  ; case sensitive

; #########################################################################
      include \masm32\include\windows.inc
      include \masm32\include\user32.inc
      include \masm32\include\kernel32.inc
      include \masm32\include\comdlg32.inc
      
      includelib \masm32\lib\user32.lib
      includelib \masm32\lib\kernel32.lib
      includelib \masm32\lib\comdlg32.lib
      
; #########################################################################   
    .data
        msgTitle    db "Scan status:", 0
        msgText     db "Fake signature;)", 0
    .code

start:

;   MASM32 antiPeID example
;   coded by ap0x
;   Reversing Labs: http://ap0x.headcoders.net
;
;   PEiD names a packer or protector by comparing the bytes at the entry
;   point (OEP) with the patterns stored in PeID.exe or userdb.txt. It
;   reports whichever pattern matches, so bytes placed at the OEP decide
;   the verdict even when, as here, nothing in the file is packed.
;
;   Analyst's note: an OEP-signature hit is therefore a hint, not proof.
;   Corroborate it with section names and sizes, entropy and the import
;   table before treating a sample as protected by the named tool.
;
;   The 20 bytes below reproduce BJFNT's entry pattern. They are executed,
;   not skipped; decoded along the path the CPU takes:
;       EB 03 | 3A 4D 3A    JMP SHORT over three filler bytes
;       1E                  PUSH DS
;       EB 02 | CD 20       JMP SHORT over two filler bytes
;       9C                  PUSHFD
;       EB 02 | CD 20       JMP SHORT over two filler bytes
;       EB 02 | CD 20       JMP SHORT over two filler bytes
;       60                  PUSHAD
;   Net effect: DS, EFLAGS and the general registers are left on the stack.

        db  0EBh,03h,3Ah,4Dh,3Ah,1Eh,0EBh,02h,0CDh,20h,9Ch,0EBh,02h,0CDh,20h,0EBh,02h,0CDh,20h,60h

;   Undo the three pushes in reverse order so the stack is balanced and
;   execution continues as if nothing had run before the MessageBox call.

        popad
        popfd
        pop     ds

;   MessageBox(NULL, msgText, msgTitle, MB_ICONINFORMATION)   ; flag value 40h
        invoke  MessageBox, NULL, addr msgText, addr msgTitle, MB_ICONINFORMATION

;   Terminate with exit code 0.
        invoke  ExitProcess, 0

end start

Разберем protectionLab на запчасти!
 

