SunBeam Posted April 28, 2008
Good work, q You need writing an *internal* tut on this lol. If that's OK with Lena She's already planning an update lol..
What Posted April 28, 2008
Damn, I was beat to it. I guess there are 3 ways to go about doing this, I have tried them all. First, the obvious way is just straight up load under a debugger, which is possible, although I did have a problem with one anti debug where I would get caught sometimes and not others, even when using a script to bypass already found anti. Second way is to just attach and hope you can find the code that looks like the lower half of the oep (lame), plus I don't think most people know how to attach with its setup. The third way is more of what quosego used I guess. There is no crc check in the code, which is weird, I thought earlier versions had it, anyway with no crc you can write an inline patch up, then EBFE when you want to stop. Since you're just going to run it real quick, you can half-azz the patch, bad habit, but whatever. Another enjoyable reverse.
Edited April 28, 2008 by What
quosego Posted April 28, 2008
> Impressive stuff mate, nice work Skillful & with a great sense of humor - lethal combination!
> Good work, q You need writing an *internal* tut on this lol. If that's OK with Lena She's already planning an update lol..
Thnx all, Just the result of a lot of free time and wanting to be the first.. :cool: Doubt if I could have waited much longer.. Will make something internal if it's allowed.. Including my scripts and api modder program.. quosego
sfs Posted April 29, 2008
lena do you start the app on pc with 256 mb or 128 mb ram for testing or start the app in 2 process and the second is crashing, on sp2 but the protection is good
pavka Posted April 30, 2008
My variant unpacked & script fix import redirect lARP_2.0_ULTRA_Unpackme.rar
ahmadmansoor Posted April 30, 2008
> My variant unpacked & script fix import redirect
hehe what this Pavka?? :happy: .....what the purpose from script if u can't pass the debugger detected .... r u sure it is useful :dry: ......How we know if it work ...without testing it (pls just don't say test it :whistling: )
Sonny27 Posted April 30, 2008
Pavka never said that the script helps you get around the debugger checks. That
pavka Posted April 30, 2008
> My variant unpacked & script fix import redirect hehe what this Pavka?? :happy: .....what the purpose from script if u can't pass the debugger detected .... r u sure it is useful :dry: ......How we know if it work ...without testing it (pls just don't say test it :whistling: )
You can test so:
Make dump programs and make dump region of memory
push XXXXXXXX <---- dump region
ret
Load in Olly Dump & Load dump region and start a script
ahmadmansoor Posted April 30, 2008
Edited April 30, 2008 by ahmadmansoor
pavka Posted April 30, 2008
Load dump in Olly, and load dumped memory. Script static, only edit a mask under the region of memory!
ahmadmansoor Posted April 30, 2008
> Load dump in Olly, and load dumped memory. Script static, only edit a mask under the region of memory!
I will give it a try after I am back at my house ...because here I can't ..... but if I have any inquiry can I post it ..if this does not bother u. Many thanks to u
Zool@nder Posted April 30, 2008
And here's my contribution. Too late as usual. And also my script to fix IAT redirection. Very nice work lena ESSAI_.zip Scrip6.txt
SUB Z3R0 Posted April 30, 2008
Fellas, Put unpacking away ...try to find DebuggerDetection Trick ...
lena151 Posted April 30, 2008 Author
O plaudite, o plaudite, gloria victis? Vae victis!!! Felix qui potuit rerum cognoscere causas. De facto errare humanum est et beati pauperes spiritu. Contraria contrariis curantur. O acta est fabula. Aaaaah! Para bellum si vis pacem! Aaaaaah! Morituri te salutant ... ita est! Victurus te saluto, lena151 te saluto, ... ita est! Ave atque vale. lena151.
lena151 Posted April 30, 2008 Author
Aio, quantitas magna frumentorum est. O tempora! Ipso facto, ira furor brevis est ... veritas odium parit. Audaces fortuna juvat. Non omnia possumus omnes ... o fortunates nimium, sua si bona norint reverseras! O mores! Ita est ... ita diis placuit. Aaaah! O mores! Ira furor brevis est. Ita est ... ita diis placuit. Aaaaah! Alea jacta est! Quod erat demonstrandum. Ave atque vale. lena151.
Killboy Posted April 30, 2008
I 2nd Loki at that... If I could just speak Spanish as well as you speak Latin lol
SUB Z3R0 Posted April 30, 2008
> Aaaah! .......Aaaaah! ......... lena151
Is it s.e.x.y conversation ? :biggrin: ( sorry ... was just a joke ! )
Edited April 30, 2008 by SUB Z3R0
HVC Posted April 30, 2008
> Non omnia possumus omnes ...
Aver...
> Is it s.e.x.y conversation ? :biggrin:
LOLUS
lena151 Posted April 30, 2008 Author
Sorry guys ... some good family news made that I couldn't resist a small joke. I hope I didn't insult anybody. lena151.
HVC Posted April 30, 2008
Actually I found it pretty amusing. Glad to hear about the good news for your family.
What Posted April 30, 2008
Damn I am dumb, the only thing that was keeping my anti debug script from working every time was a normal GetTickCount with a sleep in between (if you do not know what I mean by normal, compared to other, you obviously didn't get very far). Difference needs to be 1A or something like that. Now to find one more anti debug, which is the catching of the debugger when I don't use hide toolz to hide the debugger, I figured there was no need before, but might as well.
Edited April 30, 2008 by What