lena151 Posted January 20, 2008
After lARP v2.0 Lite and lARP v2.0 Standard editions, here is an unpackme protected by lARP v2.0 Pro Ed. It is supposed to be challenging. Have fun.
lena151.
lARP_v2.0_Pro_UnpackMe.rar

pavka Posted January 21, 2008 (edited January 21, 2008 by pavka)
unpacked
protector stub removed
dumped_.rar
lARP_v2.0_Pro_Unpacked.rar

syk071c Posted January 21, 2008 (edited January 22, 2008 by syk071c)
yay
edit: forgot to fix the data section, should be okay now
done.rar

vinnie Posted January 22, 2008 (edited January 22, 2008 by vinnie)
yay
Can one of you guys throw me a bone and tell me why I can't even get it to run through my Olly? I am guessing it's part of the protection. If it is the protection, can someone give me a few pointers please? There must be a way without just attaching it.

SunBeam Posted January 22, 2008
@vinnie: Not the purpose of this thread. Either try to figure it out on your own or take it in PMs =]

syk071c Posted January 22, 2008 (edited January 22, 2008 by syk071c)
@vinnie: what sunbeam said
you need to study up on anti-debug techniques.. it's what i did..

Teddy Rogers Posted January 23, 2008
> @vinnie: what sunbeam said
> you need to study up on anti-debug techniques.. it's what i did..
I'm sure if he gets really stuck you will help point him in the right direction...
Ted.

vinnie Posted January 24, 2008 (edited January 24, 2008 by vinnie)
>> @vinnie: what sunbeam said
>> you need to study up on anti-debug techniques.. it's what i did..
> I'm sure if he gets really stuck you will help point him in the right direction...
> Ted.
Oh well, I guess, but all I really wanted was a bone, not the steak. Anyhow, I think I am getting there in any case, but I am cheating by studying a script I think Pavka wrote. This however doesn't and won't explain the protection, I think, so I may well need a little guidance after all later. So you see what you guys have done... you have made me resort to cheating... for now.
Oh syk071c, is there an anti-debugging paper you are referring to?? Yes, I googled and there is a huge list to go through.

lena151 (Author) Posted January 24, 2008 (edited January 24, 2008 by lena151)
> I'm sure if he gets really stuck you will help point him in the right direction...
> Oh well I guess but all I really wanted was a bone not the steak.
vinnie, I've sent you a bone and a steak by PM. See there.
lena151.

pavka Posted January 24, 2008
Hmm.. My bad English is a pity ;( I do not understand the sense of the discussion

vinnie Posted January 24, 2008 (edited January 24, 2008 by vinnie)
> Hmm.. My bad English is a pity ;( do not understand sense of discussion
@Pavka
What I mean is I want only a clue (bone) and I don't want someone to show me everything (steak).
bone = clue
steak = show me how to do it please
Do you understand now?? :biggrin:

SunBeam Posted January 24, 2008
@pavka: He would like to know how to run it in Olly

ahmadmansoor Posted March 31, 2008
>> I'm sure if he gets really stuck you will help point him in the right direction...
>> Oh well I guess but all I really wanted was a bone not the steak.
> vinnie, I've sent you a bone and a steak by pm See there.
> lena151.
FIRST, SORRY lena151 ... I think you know ... but is there any way to send me some hints like vinnie? And thanks in advance.

Fungus Posted April 2, 2008
Can one of you throw me a bone with this too... gettin nowhere. Just like eXpressor, throwing me a BSOD every time.

What Posted April 2, 2008 (edited April 2, 2008 by What)
Well, I had a bypass script, but I do not know where the hell it went, so I will just describe what you need to do, vaguely. Try putting a breakpoint on the following: ZwContinue (exceptions) and GetProcAddress; I think that one is obvious. Watch the GetProcAddress for what anti-debug is used. Once you find the trick, look it up. I really don't want to give away too much. When I did it I made a script and added to it as I went along, so when I restarted the app I didn't have to redo any work, or remember. I think you should be able to bypass it with this info.
P.S. @Lena, maybe work with the DLL export tables so you don't have to use GetProcAddress; it will keep from easily identifying tricks. :wink:

What Posted April 2, 2008 (edited April 2, 2008 by What)
hmm what a giveaway
Well, I was going to make a tutorial on unpacking it the right way, but I am not sure if I should or if I am too lazy to.

Fungus Posted April 3, 2008
Figured out my BSOD... firewall was causing it.
Now, I still can't get anywhere... I figured to bp GetProcAddress before, but I can't get it to go even that far. It just runs around in the loops/obfuscation forever and never starts to load any APIs or anything. :/

vinnie Posted April 3, 2008 (edited April 3, 2008 by vinnie)
> Figured out my bsod... firewall was causing it.
> Now, I still can't get anywhere... I figured to bp GetProcAddress before , but I can't get it to go even that far. It just runs around in the loops/obfuscation forever and never starts to load any API's or anything. :/
Just when I have deleted this pain in the arse unpackme, you guys suddenly become interested in it again. Thanks, What, for that info. I had given up on getting it to run in Olly, as Lena told me that everyone that had unpacked it was using a loader, except for one person, and that is our resident member syk071c, who has yet to divulge any further info. Pavka also said to me that Softice is the way to go, but now I just might download it again and see if I get anywhere with What's info.

What Posted April 3, 2008
> I had given up on getting it to run in Olly as Lena told me that everyone that had unpacked was using loader, except for one person and that is our resident memeber syk071c whom has of yet to divulge any further info.
> Pavka also said to me that Softice is the way to go...
I don't have a problem running under Olly. If you had to use Softice, no one with a newer computer could unpack it. No real plugin setup is needed.

vinnie Posted April 3, 2008 (edited April 3, 2008 by vinnie)
>> I had given up on getting it to run in Olly as Lena told me that everyone that had unpacked was using loader, except for one person and that is our resident memeber syk071c whom has of yet to divulge any further info.
>> Pavka also said to me that Softice is the way to go...
> I dont have a problem running under olly, if you had to use softice, noone with a newer computer could unpack it. No real plugin setup is needed.
Agreed. I don't use Softice and I haven't unpacked it yet. I was just sharing the info I had gathered for the sake of the members who had asked about the clues that Lena gave me. Your method is much appreciated, as I have really wanted to unpack this but was just not good enough.
Let me also put both my hands up HIGH for any tutorial you may or may not write.

Zool@nder Posted April 3, 2008
Here's my contribution.
I thought it was the same version as the first.
Nice tricks, lena. Thanks.
dumped_.zip