CGSoftLabs Forum
A place to talk about CGSoftLabs releases
 
Working status on v 1.8.x

 
CGSoftLabs
Site Admin


Joined: 10 Feb 2005
Posts: 108
Posted: Wed Jan 06, 2010 1:29 am    Post subject: Working status on v 1.8.x

Well, last night the first 64bit .exe (I did my tests on cpuz64.exe if someone is interested in this :) was packed by eXPressor; I'm working at the moment on adding support for the PE+ file format; first it will be added to the light/full stubs and to eXPressor's packing core; the protection will have to wait.

The MS x64 compiler/linker has dropped support for inline assembler; this is a real pain in the ass since my stubs are a total mix of C++ & inline asm; they need to be rewritten almost totally.
Also I have to deal with a new CPU architecture, opcodes, calling conventions, SEH etc., and since I'm not a fan of asm this will make it even harder.

I've also worked on x32 protection stubs; something nice, experimental, a kind of polymorphism for the protection stubs; each of the stub's real instructions is disassembled, changed, surrounded by trash and linked up/down in mem with the next instruction; but it will have to wait for the release; I'm still thinking whether to release it or not due to the malware world, which will enjoy such a tool.
CGSoftLabs
Site Admin


Joined: 10 Feb 2005
Posts: 108

Posted: Thu Jan 28, 2010 2:38 pm

I'm working on a 32bit Advanced Protection Engine which will use, among other things, a VM implementation;

for a given function, the engine should perform:
1. disassembling and building of a linked list of instructions;
Then perform per instruction (a kind of plug-ins for the engine):
-2. per-instruction expander (metamorphism; replace 1 instr with others: one or more similar);
-3. random virtualization of a set of handled instructions (this requires a VM);
-4. obfuscation; insertion of junk (ie ebo1xx) instructions which will make analyzing the disassembled code harder;
-5. anti-cracking; small blocks inserted on the fly between instructions; anti-tracing, SEH etc.;
7. rebuild the code; link instructions in another order; use jmps between; link virtualized instructions with the VM;

the engine should accept customization of how much obfuscation, virtualization, metamorphism to apply;

this engine will help protecting:
- almost every function in the protection stub;
- EP;
- code inside target;
...making disassembling a pain, mostly for myself :lol:
All times are GMT