Saturday, December 8, 2007

eMule v0.48a Titan Donkey 4.2 unpacked Exe Stealth 3.16 NTkrnl

Special Features:

- AES 256 Bit Support
- Bzip2 Support
- improved customization 4 Highspeedcreditsystem
- Titandonkey Trust Center
- saves highspeed credits on shut down (24h)
- advanced ban protection
- clean Serverlist updater
- Titandonkey Slotmanagement
- improved passive source finding
- reduced CPU Usage
- increased Speed for Highspeed Credit downloads
- Ban some bad Mods (Titanesel Antileech)
- Comm Applejuice System
- Disabled Dead Source List to keep valuable sources
- Removed limitation of search results
- Uploaded data is compressed dynamically to save CPU
- Improved searching of passive sources
- TitanEsel Community
- TitanEsel Search
- never show files as complete
- Lock to Tray with password
- Webbrowser
- dual Serverconnect
- improved source finding for low id
- adjustable Highspeed Credit System (Applejuice)
--> More info on Applejuice
- improved Community Source Exchange
- Fakeresultsfilter 0.23

Remarks:
emule.exe is protected with: Exe Stealth Packer/Protector v.3.16 - www.webtoolmaster.com (NTkrnl)

To view the code, dump it with:
Multi Generic Dumper v.1.1 (C) 2006 by Snow Panther [Unpacking Gods]
Download: Multi Generic Dumper 1.1 (mdg.exe, G option): mgd.zip, or download the older version: MULTI_GENERIC_DUMPER_v.1.0.zip

* Multi Generic Dumper v.1.1 (C) 2006 by Snow Panther [Unpacking Gods] *

* Loading process.........: ok
* Original entry point....: $00687976
* Time used for unpack....: 00:01:65480.79
* File EMULE_.EXE created...

* Press any key to continue...

Pre-unpacked Titan Donkey 4.2: emule.exe
(EOP not recalculated; it will not run without future alloc., but you can see the code (emule.exe content, comms, dependence clients, blocked clients, URLs, ...) with hexedit / OllyDbg)

Download: eMule.0.48a.Titandonkey.v4.2-Bin.rar

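OllyDbg unpacking script:
// WinXP SP2, OllyDbg V1.10, ODbgScript 1.48xxx1.60, FantOm plugin 0,58
var br
var pt
var va

// Resolve kernel32!VirtualAlloc and keep its address in va
gpa "VirtualAlloc","kernel32.dll"
mov va, $RESULT

run

// Write an INT3 (0xCC) at the current EIP, then break on the address stored at [esp+8]
mov [eip],#CC#
mov br,[esp+8]
bp br
run
bc br
// Break on LoadLibraryA, run to its return and set a breakpoint at that EIP
gpa "LoadLibraryA","kernel32.dll"
bp $RESULT
run
bc $RESULT
rtr
mov br,eip
bp br
// Keep hitting that breakpoint until EDI holds the VirtualAlloc address
loop:
cmp va,edi
je last
run
jmp loop

last:
bc br
sti
// Find 8B ?? ?? 8B ?? ?? 74 ?? and overwrite the 74 (short JZ) at offset 6 with EB (short JMP)
find eip,#8B????8B????74??#
cmp $RESULT,0
je quit
mov pt,$RESULT+6
mov [pt],#EB#
// Find 89 44 24 1C 61 FF E0 (mov [esp+1Ch],eax / popad / jmp eax) and break on the jmp eax at offset 5
find eip,#8944241C61FFE0#
cmp $RESULT,0
je quit
mov br,$RESULT
add br,5
bp br
run
bc br
// Step into the jmp eax; the script labels the resulting EIP as the entry point
sti
cmt eip, "This is the entry point"
MSG "OEP Found! IAT fixed! Dump it"
ret

quit:
ret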
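
Added example (not part of the original post or of the script author's code): a Python sketch that runs the script's two `find` byte signatures, with `??` as a wildcard, over a dumped buffer and reports the same offsets the script computes (match+6 for the JZ opcode, match+5 for the JMP EAX). The function names and the sample bytes are assumptions made for illustration.

```python
import re

# Signatures copied from the script's two `find` commands ("??" = any byte).
SIG_JZ_CHECK = "8B????8B????74??"
SIG_TAIL_JUMP = "8944241C61FFE0"   # mov [esp+1Ch],eax / popad / jmp eax


def compile_sig(sig):
    """Turn an ODbgScript-style hex pattern into a bytes regex."""
    parts = []
    for i in range(0, len(sig), 2):
        pair = sig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)


def find_sig(buf, sig, start=0):
    """Return the offset of the first match at or after `start`, or None."""
    m = compile_sig(sig).search(buf, start)
    return m.start() if m else None


def locate_patch_points(buf, start=0):
    """Mirror the script's arithmetic: JZ opcode at match+6, JMP EAX at match+5."""
    jz = find_sig(buf, SIG_JZ_CHECK, start)
    tail = find_sig(buf, SIG_TAIL_JUMP, start)
    return {
        "jz_opcode": None if jz is None else jz + 6,
        "jmp_eax": None if tail is None else tail + 5,
    }


def patch_jz_to_jmp(buf, off):
    """Apply the script's `mov [pt],#EB#` to a copy of the dump (74 -> EB)."""
    if buf[off] != 0x74:
        raise ValueError("byte at offset is not a short JZ")
    out = bytearray(buf)
    out[off] = 0xEB
    return bytes(out)


# Constructed sample bytes (not taken from emule.exe): padding, a matching
# mov/mov/jz sequence, padding, then the tail-jump sequence.
SAMPLE = (b"\x90" * 4 + bytes.fromhex("8B45088B4D0C7410")
          + b"\x90" * 3 + bytes.fromhex("8944241C61FFE0"))

if __name__ == "__main__":
    pts = locate_patch_points(SAMPLE)
    print(pts, patch_jz_to_jmp(SAMPLE, pts["jz_opcode"]).hex())
```

The offsets are relative to the start of the buffer passed in; to relate them to addresses in the debugger, add the base address the dump was taken from.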




Website: http://www.unpack.cn/viewthread.php?tid=19471&extra=page%3D1
