
[unpackme] Asdpack 2.0...


Teddy Rogers


Script unpack

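// Unpacking script for the "[unpackme] Asdpack 2.0" target (OllyDbg with the
// ODbgScript plugin). Numeric literals are hexadecimal.
//
// Flow: stop at the first LoadLibraryExA call and record esi, patch one byte
// of the stub, stop on a hardware read breakpoint on the stack, then write the
// entry point and import directory RVAs into the in-memory PE header and dump.
//
// NOTE(review): the entry-point detection is heuristic. In the thread one user
// reports the script stopping at 00469155 while the expected OEP is 004271B0,
// so confirm where eip is before trusting dump.exe.

var counter
var ImageBase
var OEP
var iat_start

mov counter,0

// ImageBase = base address of the module that contains eip.
gmi eip,MODULEBASE
mov ImageBase,$RESULT

// OEP temporarily holds the stack address esp-4; the hardware breakpoint
// further down watches this address.
mov OEP,esp-4

// Break on LoadLibraryExA, run to it, clear the breakpoint and return to the
// calling (user) code.
gpa "LoadLibraryExA","kernel32.dll"
bp $RESULT
run
bc eip
rtu

// NOTE(review): esi is presumed to point at the start of the import data here;
// the value is later written to the import directory RVA. Verify on the target.
mov iat_start,esi

// Search forward from eip for the byte pair AB E9 (stosd followed by a near
// jmp). Leave through the quit label if the pattern is absent, so the script
// never patches through a zero $RESULT.
find eip,#ABE9#
cmp $RESULT,0
je quit

// Replace the first matched byte (AB) with 90 (nop).
mov [$RESULT],#90#

// Run until the watched stack slot is read, single-step twice, then remove
// the hardware breakpoint.
bphws OEP,"r"
run
sti
sti
bphwc OEP

// From here on OEP holds the address execution stopped at. The declared
// variable name is used so the value reaches the header write below.
mov OEP,eip
cmt eip, "This is the entry point"

// Convert both addresses to RVAs.
sub OEP,ImageBase
sub iat_start,ImageBase

// counter = address of the PE header (ImageBase + e_lfanew, read at offset 3C).
mov counter,ImageBase
add counter,3C
mov counter,[counter]
add counter,ImageBase

// PE header + 28 = AddressOfEntryPoint.
add counter,28
mov [counter],OEP

// 28 + 58 = 80: RVA field of the import directory entry (PE32 layout).
add counter,58
mov [counter],iat_start

DPE "dump.exe",eip
msg "The file is unpacked! Name ->Dump.exe Remove unnecessary section in Dump"
ret

// Target of "je quit": the original listing jumped to this label without
// defining it, which is the error reported in the thread.
quit:
msg "Byte pattern AB E9 not found; nothing was patched and no dump was written"
ret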

Edited by pavka

@pavka

Your script does not function correctly.

I get an error on this line: je quit

Your script does not come to the OEP (004271B0).

@azmo

Your "Unpacking NakedPacker 1.0" link on your homepage also does not work.

The file is marked as suspected. Can you fix this? Thanks.


@pavka

Both versions of the script work fine 100% with ODbgScript plugin v1.51, and the script reaches the OEP 004271B0.

@LCF-AT

thank you, i've fixed the link

_http://www.4shared.com/file/18528855/420877c2/UnpackingNP10AoRE.html

azmo


No problem azmo. ;)

I get an error message with line "je quit" and the script ends here...

00469155 8BF8 MOV EDI,EAX ; This is the entry point

but the OEP is here...

004271B0 55 PUSH EBP

The same error with ODbgScript 1.47 and 1.63.

greetz
