Developing PE file packer step-by-step. Step 1

Since I completed portable executable C++ library development, it would be totally wrong not to use it in any more or less serious project. Thus I am going to develop a packer with step-by-step explanations of what I am doing, and C++ library will make our life easier. So, where do we start the development? Maybe, from choosing some free simple compression algorithm. After short search I found such one: LZO. It supports lots of compression modes, and LZO1Z999 is the most effective by compression ratio of all available. Of course, it is not like ZIP, but its performance is close: 550 Kb file was compressed to 174 Kb with zip with maximum compression level, at the same time LZO compressed this file to 185 Kb. However, LZO has much more fast unpacker. It is also base-independent, that means, it can be placed at any virtual address and it will work without any address corrections. This algorithm will be right for us.

Continue reading “Developing PE file packer step-by-step. Step 1”

PHP script deobfuscation for dummies

Uninitiated people often ask questions like “How do I decode an obfuscated PHP-script?”, “Is PHP-script obfuscation safe enough?” and even like “Would you help me to deobfuscate it please, wouldn’t you?”. The main purpose of this article is to show, that obfuscators provide absolutely no protection in 90% cases (which are able to provide protection only from people, who got acquainted with programming language for the first time in their lives). It can be removed in 10 to 20 minutes, as a result you get PHP script in its original form. The rest 10% cases demonstrate slightly stronger protection, which can be removed in similar ways though. If you wish to learn how to remove obfuscation from scripts on your own, then this article is what you need!

Continue reading “PHP script deobfuscation for dummies”