[unpackme] Larp 2.0 Unpackme

Posted (edited)

Hi to everybody.

Here is a small old year - new year present to fill those empty moments in this dark time of the year. Happy living to all.

The unpackme was protected by a stripped down version of lARP 2.0 (lena151's Anti Rip Protector).

Unpack/deprotect the unpackme and the first to succeed gains a kiss on the forehead from me (or perhaps this is a good reason not to try it? :lol::P )

Success to all,

lena151.

lARP_2.0_Unpackme.rar

Edited by Teddy Rogers
Corrected the topic title...
Posted

Hi,

Not sure but I think this should do it.
http://rapidshare.com/files/78361481/dump.rar.html

It's not easy on Vista x64 :)

Posted

Good job guys.

pavka even restored the stolen bytes but jstorme gets the kiss for being first!

Thanks for your interest,

lena151.

Posted

Someone cares to write a walkthrough - tutorial for unpacking it?

I'll start learning unpacking in the new year, so.. I'd appreciate it ;)

BR, ChupaChu!

Posted
Someone cares to write a walkthrough - tutorial for unpacking it?

He ChupaChu,

It's nothing special. I just used a couple of tricks and some basic obfuscation which you will come across if you study the beginner series in depth from #20 and up. It would be repeating old material to make a walkthrough for it. Also, do take a special look at #37 about unpacking MSLRH.

I wish you all success in your quest!

lena151.

Posted

Thanks for pointing me in the right direction, I have always avoided unpacking as much as I could but I guess it's time to dig myself into it..

Happy holidays!

BR, ChupaChu!

Posted (edited)

<_<

It's hard... :giveup:

I'm stuck in here...

0040F9B5 F7D8 NEG EAX
0040F9B7 3D 706F6F6F CMP EAX,6F6F6F70
0040F9BC 75 06 JNZ SHORT lARP_2_0.0040F9C4
0040F9BE 8D9D 061A4000 LEA EBX,DWORD PTR SS:[EBP+401A06]
0040F9C4 830424 02 ADD DWORD PTR SS:[ESP],2
0040F9C8 C3 RETN
0040F9C9 75 00 JNZ SHORT lARP_2_0.0040F9CB

how to skip this ?

Edited by Apakekdah
Posted

@Apakekdah

0040F9B5 F7D8 NEG EAX
0040F9B7 3D 706F6F6F CMP EAX,6F6F6F70 <---------check if fill nop call :)
0040F9BC 75 06 JNZ SHORT lARP_2_0.0040F9C4
0040F9BE 8D9D 061A4000 LEA EBX,DWORD PTR SS:[EBP+401A06]
0040F9C4 830424 02 ADD DWORD PTR SS:[ESP],2
0040F9C8 C3 RETN
0040F9C9 75 00 JNZ SHORT lARP_2_0.0040F9CB

Posted
@Apakekdah

0040F9B5 F7D8 NEG EAX
0040F9B7 3D 706F6F6F CMP EAX,6F6F6F70 <---------check if fill nop call :)
0040F9BC 75 06 JNZ SHORT lARP_2_0.0040F9C4
0040F9BE 8D9D 061A4000 LEA EBX,DWORD PTR SS:[EBP+401A06]
0040F9C4 830424 02 ADD DWORD PTR SS:[ESP],2
0040F9C8 C3 RETN
0040F9C9 75 00 JNZ SHORT lARP_2_0.0040F9CB

When I nopped it, the app terminates :(

But if I leave it alone, the app won't start, it just keeps looping in there... :(

Posted

@Apakekdah

Clean up the unnecessary calls and it will be easier for you to investigate the code. Example:

call ХХХХХХХ
ADD DWORD PTR SS:[ESP],2
C3 RETN

call ХХХХХХХ
ADD DWORD PTR SS:[ESP],1
C3 RETN

call ХХХХХХХ
ADD DWORD PTR SS:[ESP],5
C3 RETN

And so on
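
The CALL / ADD DWORD PTR [ESP],n / RETN pattern from the post above, as an added example that is not part of the original thread or of lARP itself: a scanner that finds such calls in a code buffer, computes where execution really resumes, and NOPs out the call plus the skipped junk bytes. It assumes the stub is the direct CALL target; the function names, the base address and the sample bytes are constructed for illustration.

```python
import struct

STUB = b"\x83\x04\x24"  # ADD DWORD PTR [ESP], imm8 (encoding shown in the thread)
RETN, CALL, NOP = 0xC3, 0xE8, 0x90

def find_skip_calls(code, base):
    """List (call_va, stub_va, skip, resume_va) for every CALL rel32 whose
    target is an 'ADD DWORD PTR [ESP],imm8 / RETN' stub inside `code`.
    Assumption: the stub is the direct CALL target. This is a linear byte
    scan, so confirm each hit in the disassembler before patching."""
    hits = []
    for off in range(len(code) - 4):
        if code[off] != CALL:
            continue
        rel = struct.unpack_from("<i", code, off + 1)[0]
        ret = off + 5                      # return address pushed by CALL
        tgt = ret + rel
        if not 0 <= tgt <= len(code) - 5:
            continue                       # target lies outside this buffer
        if code[tgt:tgt + 3] != STUB or code[tgt + 4] != RETN:
            continue
        skip = struct.unpack_from("<b", code, tgt + 3)[0]  # imm8 is sign-extended
        if skip <= 0 or ret + skip > len(code):
            continue
        hits.append((base + off, base + tgt, skip, base + ret + skip))
    return hits

def clean(code, base):
    """Copy of `code` with each such CALL and the junk bytes it skips replaced
    by NOPs, so execution falls through to the same resume address (the flags
    set by the stub's ADD are not reproduced)."""
    out = bytearray(code)
    for call_va, _stub, skip, _resume in find_skip_calls(code, base):
        start = call_va - base
        out[start:start + 5 + skip] = bytes([NOP]) * (5 + skip)
    return bytes(out)

# Constructed sample, hypothetical base 0x401000 (not bytes from the unpackme).
BASE = 0x401000
SAMPLE = (b"\xE8\x0B\x00\x00\x00"   # 401000 CALL 401010
          b"\xCD\x20"               # 401005 two junk bytes, never executed
          b"\x33\xC0\xC3"           # 401007 XOR EAX,EAX / RETN (real code)
          + b"\xCC" * 6 +           # 40100A padding
          b"\x83\x04\x24\x02\xC3")  # 401010 ADD DWORD PTR [ESP],2 / RETN

if __name__ == "__main__":
    for call_va, stub_va, skip, resume in find_skip_calls(SAMPLE, BASE):
        print(f"{call_va:08X} CALL {stub_va:08X} skips {skip}, resumes at {resume:08X}")
```

A stub that runs other instructions before the ADD, like the NEG/CMP sequence in the listing earlier in the thread, is not matched by this direct-target check and has to be traced by hand.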

Posted

Yeah, not really hard, nice little tricks here and there, but nothing really complex. If you practice solving problems by yourself, you should be able to get this soon enough.

Posted

Hehe, I'm glad lena is back.

Keep reversing!

:lol:
