Aguila

Member Since 26 Jul 2006

Posts I've Made

In Topic: EP not set

05 May 2012 - 05:52 PM

Updated the file version 0.6b: http://forum.tuts4yo...reconstruction/

In Topic: EP not set

05 May 2012 - 02:08 PM

deepzero, on 05 May 2012 - 01:54 PM, said:

Thus, there are 3 basic steps to unpacking a packer: 1) dump 2) fix iat 3) fix OEP.

That is funny. I thought these are the steps:

1) use debugger, go to OEP
2) dump at OEP, your debugger must point to the OEP
3) fix iat, your debugger doesn't need to be at the OEP

But I will add an option to the options dialog.

In Topic: EP not set

05 May 2012 - 01:38 PM

I still think that OEP correction and IAT rebuilding are two separate workflows. They don't fit together. A dump tool should fix the OEP! Probably people are used to imprec, but it is the wrong way. Why should it be required to enter an OEP to fix an IAT? It doesn't make sense.

In Topic: Version 0.6 Beta

03 May 2012 - 12:24 PM

Thanks for the bug report. Buffer was too small for the PE section names.

Fixed it.

http://forum.tuts4yo...reconstruction/

In Topic: Version 0.6 Beta

01 May 2012 - 05:37 PM

Here is the final v0.6

http://forum.tuts4yo...reconstruction/
http://forum.tuts4yo...ruction-source/

Version 0.6
- added dump memory regions
- added dump pe sections -> you can edit some values in the dialog
- improved dump engine with intelligent dumping
- improved pe rebuild engine -> removed yoda's code
- fixed various bugs


I hope all bugs are fixed.