09 December 2007

eMule v0.48a Titan Donkey 4.2 unpacked Exe Stealth 3.16 NTkrnl

Special Features:

- AES 256 Bit Support
- Bzip2 Support
- improved customization 4 Highspeedcreditsystem
- Titandonkey Trust Center
- saves highspeed credits on shut down (24h)
- advanced ban protection
- clean Serverlist updater
- Titandonkey Slotmanagement
- improved passive source finding
- reduced CPU Usage
- increased Speed for Highspeed Credit downloads
- Ban some bad Mods (Titanesel Antileech)
- Comm Applejuice System
- Disabled Dead Source List to keep valuable sources
- Removed limitation of search results
- Uploaded data is compressed dynamically to save CPU
- Improved searching of passive sources
- TitanEsel Community
- TitanEsel Search
- never show files as complete
- Lock to Tray with password
- Webbrowser
- dual Serverconnect
- improved source finding for low id
- adjustable Highspeed Credit System (Applejuice)
--> More info on Applejuice
- improved Community Source Exchange
- Fakeresultsfilter 0.23

Remarks:
emule.exe is protected with: Exe Stealth Packer/Protector v.3.16 - www.webtoolmaster.com (NTkrnl)

To view the code, dump it with:
Multi Generic Dumper v.1.1 (C) 2006 by Snow Panther [Unpacking Gods]
Download: Multi generic Dumper 1.1 mdg.exe G option mgd.zip or Download older Version: MULTI_GENERIC_DUMPER_v.1.0.zip

* Multi Generic Dumper v.1.1 (C) 2006 by Snow Panther [Unpacking Gods] *

* Loading process.........: ok
* Original entry point....: $00687976
* Time used for unpack....: 00:01:65480.79
* File EMULE_.EXE created...

* Press any key to continue...

Pre-unpacked Titan Donkey 4.2: emule.exe
(EOP not recalculated; it will not run without future alloc., but you can see the code (emule.exe content, comms, dependence clients, blocked clients, URLs, ...) with hexedit / OllyDbg)

Download: eMule.0.48a.Titandonkey.v4.2-Bin.rar

Ollydbg unpacking script:
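// WinXP SP2,OllyDbg V1.10,ODbgScript 1.48xxx1.60,FantOm plugin0,58
var br
var pt
var va

// Resolve the address of kernel32!VirtualAlloc and keep it in va
gpa "VirtualAlloc","kernel32.dll"
mov va, $RESULT


run

// Write an INT3 (0xCC) byte at the current EIP, then break on the address read from [esp+8]
mov [eip],#CC#
mov br,[esp+8]
bp br
run
bc br
// Break on kernel32!LoadLibraryA, then run to its return (rtr)
gpa "LoadLibraryA","kernel32.dll"
bp $RESULT
run
bc $RESULT
rtr
mov br,eip
bp br
// Keep running to this breakpoint until EDI holds the VirtualAlloc address
loop:
cmp va,edi
je last
run
jmp loop

last:
bc br
sti
// Find the 8B ?? ?? 8B ?? ?? 74 ?? sequence and patch the JE (74) at offset 6 into a short JMP (EB)
find eip,#8B????8B????74??#
mov pt,$RESULT+6
mov [pt],#EB#
// Find mov [esp+1C],eax / popad / jmp eax; offset 5 is the jmp eax
find eip,#8944241C61FFE0#
cmp $RESULT,0
je quit
mov br,$RESULT
add br,5
bp br
run
bc br
// Step into the jmp eax to land on the original entry point
sti
cmt eip, "This is the entry point"
MSG "OEP Found ! IAT fixed! Dump it"
ret

quit:
ret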
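
For analysts who want to check a memory dump for the same stub without a debugger, the script's two `find` signatures can be matched statically. This is an added example, not part of the original post; the function names and the sample buffer are constructed for illustration, and it assumes the dump contains the stub already decoded.

```python
import re

# Hex signatures copied from the script's two `find` commands; "??" is a one-byte wildcard.
SIG_IAT_CHECK = "8B????8B????74??"  # two 3-byte MOV r32, r/m32 encodings, then a short JE (74 xx)
SIG_TAIL_JUMP = "8944241C61FFE0"    # mov [esp+1Ch],eax ; popad ; jmp eax


def compile_sig(sig: str) -> re.Pattern:
    """Turn an ODbgScript-style hex pattern into a bytes regex."""
    if len(sig) % 2:
        raise ValueError("pattern must have an even number of hex digits")
    parts = []
    for i in range(0, len(sig), 2):
        pair = sig[i:i + 2]
        if pair == "??":
            parts.append(b".")  # wildcard byte
        else:
            parts.append(re.escape(bytes([int(pair, 16)])))
    # DOTALL so a wildcard also matches the byte 0x0A
    return re.compile(b"".join(parts), re.DOTALL)


def find_sig(data: bytes, sig: str, start: int = 0) -> int:
    """Return the offset of the first match at or after start, or -1."""
    m = compile_sig(sig).search(data, start)
    return m.start() if m else -1


def locate_stub_points(data: bytes):
    """Offsets of the JE the script patches (+6) and the JMP EAX it breaks on (+5)."""
    chk = find_sig(data, SIG_IAT_CHECK)
    je_off = chk + 6 if chk >= 0 else None
    tail = find_sig(data, SIG_TAIL_JUMP, chk if chk >= 0 else 0)
    jmp_off = tail + 5 if tail >= 0 else None
    return je_off, jmp_off


# Constructed sample bytes (not taken from emule.exe): NOPs, the check, NOPs, the tail jump.
SAMPLE = (b"\x90" * 4 + bytes.fromhex("8B45088B4D0C7405") + b"\x90" * 3
          + bytes.fromhex("8944241C61FFE0"))

if __name__ == "__main__":
    je_off, jmp_off = locate_stub_points(SAMPLE)
    print(f"JE at offset {je_off:#x}, JMP EAX at offset {jmp_off:#x}")
```

Offsets are relative to the start of the buffer; add the dump's base address to compare them with addresses shown in the debugger.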




Website: http://www.unpack.cn/viewthread.php?tid=19471&extra=page%3D1
