[unpackme] Undetector 1.2

[Teddy Rogers]

Undetector 1.2

http://tuts4you.com/download.php?view.1766

Ted.

[What]

Well it took a while to find the oep, but all unpacked and working.

[LCF-AT]

Here a little script for this UnpackMe.It

Undetector_1.2_OEP_finder_and_detach_processes.rar

[sdy100]

// code by sdy100

// test : Ollydbg 1.10 Odbgscript 1.65.1

mov tmp,1

loop:

gpa "CreateProcessA", "Kernel32.dll"

mov CreateProcessA, $RESULT

gpa "WriteProcessMemory", "Kernel32.dll"

mov WriteProcessMemory, $RESULT

bp CreateProcessA

erun

bp WriteProcessMemory

erun

bc

mov addr, [esp+c]

mov size, [esp+10]

eval "dump{tmp}.exe"

mov name, $RESULT

dm addr, size, name

eval "dumped dump{tmp}.exe"

msg $RESULT

inc tmp

MSGYN "1 more ?"

cmp $RESULT, 1

je loop

end:

ret

Edited July 7, 2007 by sdy100

[LCF-AT]

Hello sdy100,

your script doesn't work correctly.I get the dump

[sdy100]

Hello LCF-AT

Your script doesn't work correctly.I get the dump

Edited July 7, 2007 by sdy100

[Ufo-Pu55y]

Use Odbgscript 1.65.1

Hi,

erm, where did u get it ?

The latest version I can see on their site is 1.64...

Greets

[sdy100]

http://odbgscript.svn.sourceforge.net/view...script/Release/

1.65 (SVN)

+ BPHWC without parameter clears all hardware breakpoints (same as BPHWCALL, which could be removed/renamed)

+ BC without parameter clears all loaded breakpoints (Breakpoints Window)

+ BD without parameter disables all loaded breakpoints

* Breakpoints saving enhanced, and saving/restore on restart.

Edited July 7, 2007 by sdy100

[LCF-AT]

Hello again sdy100,

ok now it works but i think it

[sdy100]

hi LCF-AT

You don't need to manual work

use PEtools -> section -> right click -> dumpfixer (PEtools 1.5 Rc7)

regard

[LCF-AT]

Hey sdy100,

you are right.I dont have used this feature before.

That smoothly escaped me.Thanks for the advice

and excuse for the trouble.

greetz