Hmm, this seems to be zlib compression. I am going to look at the format myself and see if I see anything.
Signsrch 0.1.4
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
optimized search function from Andrew
http://www.team5150.com/~andrew/
- open file "f:\un_huxleymmogame.exe"
- 17125376 bytes allocated
- load signatures
- open file C:\signsrch\signsrch.sig
- 1294834 bytes allocated for the signatures
- 1869 signatures in the database
- WARNING:
the file loaded in memory is very big so the scanning could take many time
- start signatures scanning:
offset num description [bits.endian.size]
--------------------------------------------
00b64858 31 Adler CRC32 (0x191b3141) [32.le.1024]
00b65858 32 Adler CRC32 (0x191b3141) [32.be.1024]
00b64c58 33 Adler CRC32 (0x01c26a37) [32.le.1024]
00b65c58 34 Adler CRC32 (0x01c26a37) [32.be.1024]
00b65058 35 Adler CRC32 (0xb8bc6765) [32.le.1024]
00b66058 36 Adler CRC32 (0xb8bc6765) [32.be.1024]
00b64458 83 CRC-32-IEEE 802.3 poly 0x04C11DB7 [32.le rev.1024]
00b65458 84 CRC-32-IEEE 802.3 poly 0x04C11DB7 [32.be rev.1024]
00c32a90 142 ACSS reverse sbox [..256]
00019b6e 307 SHA1 / SHA0 / RIPEMD-160 initialization [32.le.20&]
00c0a080 309 padding used in hashing algorithms (0x80 0 ... 0) [..64]
00b68228 357 Zlib dist_code [..512]
00b68428 358 Zlib length_code [..256]
00b68528 359 Zlib base_length [32.le.116]
00b685a0 361 Zlib base_dist [32.le.120]
00b68528 1085 Rar29 LDecode [32.le.112]
00c32a90 1210 FFT and FHT routines rv_tbl [..128]
00019b83 1303 RIPEMD-128 InitState [32.le.16&]
00265058 1499 TEA1_DS [32.le.4]
00b67be0 1541 zinflate_lengthExtraBits [32.le.116]
00b67bdd 1542 zinflate_lengthExtraBits [32.be.116]
00b67c58 1545 zinflate_distanceExtraBits [32.le.120]
00b67c55 1546 zinflate_distanceExtraBits [32.be.120]
004ac43a 1783 anti-debug: Dongle protection [..3]
00ebbffa 1812 anti-debug: Softice \\.\SICE [..9]
00ebc00e 1813 anti-debug: Softice \\.\NTICE [..10]
00ebc003 1814 anti-debug: Softice \\.\SIWVID [..11]