DOS ain't dead

CandyMan's Tracer (Announce)

posted by CandyMan, 05.04.2023, 09:25

> Very impressive work on getting these unpacked. This is quite magical. Your
> skills are unequalled. Unpacking complicated and obfuscated packers
> obviously requres a lot of work, and isn't possible to automate.

The hardest part is finding the program's original entry point. The second time it will be the same place but shifted (segment) by 4096/16 and the offset will be the same. You can track interrupts (usually int 0..5) and find when the old values are restored. It is especially difficult to unpack programs like (HackStop) which are written in such a way that their code after unpacking contains many jumps and looks like it is still coded.
Like any tool, mine can be bypassed, but I won't tell you how.

Complete thread:

• CandyMan's Tracer - CandyMan, 30.03.2023, 19:08 (Announce)
  • CandyMan's Tracer - Laaca, 30.03.2023, 21:37
    • CandyMan's Tracer - CandyMan, 30.03.2023, 22:19
  • CandyMan's Tracer - rosegondon, 31.03.2023, 07:07
    • CandyMan's Tracer - CandyMan, 31.03.2023, 13:03
      • CandyMan's Tracer - rosegondon, 03.04.2023, 09:19
  • CandyMan's Tracer - Zyzzle, 01.04.2023, 02:57
    • CandyMan's Tracer - rosegondon, 01.04.2023, 09:25
    • CandyMan's Tracer - CandyMan, 02.04.2023, 21:39
      • CandyMan's Tracer - CandyMan, 02.04.2023, 21:39
        • CandyMan's Tracer - Zyzzle, 05.04.2023, 08:34
          • CandyMan's Tracer - CandyMan, 05.04.2023, 09:25
  • CandyMan's Tracer - CandyMan, 01.04.2023, 17:58
  • CandyMan's Tracer - rosegondon, 06.04.2023, 07:08
    • CandyMan's Tracer - CandyMan, 06.04.2023, 10:24
  • CandyMan's Tracer - CandyMan, 16.07.2023, 21:11