Teddy Rogers Posted March 8, 2008 Share Posted March 8, 2008 eXPressor 1.6.0.1 I haven't patched the silly nag - if it pops up on you - but you get the idea... http://www.tuts4you.com/download.php?view.2179 Ted. Link to comment Share on other sites More sharing options...
pavka Posted March 8, 2008 Share Posted March 8, 2008 old script editedtested on UnPackMe_eXPressor 1.6.0.1.f.exevar oepvar mhvar cbvar cszvar mbasevar emvar iatvar E8var funcvar iat_startmov iat_start,00460818GMI eip,CODEBASEmov cb,$RESULTGMI eip,CODESIZEmov csz,$RESULTGMI eip,ENTRYmov oep,$RESULTBC oepgpa "GetProcAddress","kernel32.dll"find $RESULT,#5F5BC9C2#bp $RESULT+3erunerunbc eiprtufind eip,#595985C0#cmp $RESULT,0je quitmov [$RESULT+4],#9090# runmov [eip],#cc# mov mh,[esp+8]bp mhrunbc eipadd mh,10bp mhrunbc eipadd eip,7rtrstifind eip,#586A01585E5B5FC9C3#cmp $RESULT,0je quitmov oep,$RESULT+8bp oepGMEMI eip, MEMORYBASEmov mbase,$RESULTfind mbase,#8945D4837DD400750733C0#mov em,$RESULTbp emfind em,#C600E88B45E?#mov E8,$RESULTbp E8mov mbase,E8+2Cbp mbaseloop:eruncmp eip,emjne oepfindmov iat,eaxfind iat_start,iatmov func,$RESULTerunstimov [eax],#FF15#eruninc eaxadd eip,2mov [eax],funcjmp loopoepfind:bc eipstiBPRM cb, cszrunBPMCbc E8bc embc mbaseCMT eip,"OEP"mov iat_start,40008Cmov [iat_start],60000dpe "dump.exe", eipmsg " File Unpacked"retquit:ret Link to comment Share on other sites More sharing options...
What Posted March 8, 2008 Share Posted March 8, 2008 I think their file sizes got slightly bigger, but their protection hasnt really upgraded, guess we will have to wait for 2.0 for major change. Anyways, its always a good intermediate challenge. Thanks for the unpackmes. Link to comment Share on other sites More sharing options...
Teddy Rogers Posted March 8, 2008 Author Share Posted March 8, 2008 I think their file sizes got slightly biggerI didn't pack resources this time...Ted. Link to comment Share on other sites More sharing options...
metr0 Posted March 8, 2008 Share Posted March 8, 2008 Hm, somehow like this one, gonna write a simple tut for first protected exe. Link to comment Share on other sites More sharing options...
metr0 Posted March 8, 2008 Share Posted March 8, 2008 Here it is: (Topiclink). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now