Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[unpackme] From AT4RE Protector

Mouradpr
Mouradpr
in UnPackMe

Featured Replies

Posted

try to unpack it

B)

unpackME.rar

Hello Mouradpr,

ok I have unpacked this CrackMe.So I don

i think u mean the Nice Protector RVA trick LCF ? :) .....

Mourad u better work on it much more dude, u gotta use serious improvments maybe u would like to check ap0x's source for RLpack it gives cool ideas ;)

Really easy indeed...

greetz

dumped.rar

Mourad u better work on it much more dude
Really easy indeed...

Agree, even though thanks for your effort. ;) - Maybe an import protection for the next time?

easy but nice, tnx

What is the anti debug method called?

also, yay I managed to unpack an unpackme XD.

Steps: (I wish someone would post for others XD)

1. Fix the Data Directories NumberOfRvaAndSizes in the Optional Header.

2. Open the crackme in olly.

3. Step over until the first "Jump if not below (jnb)" and nop it or tick the "c" register.

4. Follow the jump below the jnb and breakpoint "jmp eax" and run.

5. step over and you are at the oep.

6. dump and crack XD.

Edited by high6

  • 2 weeks later...

Yay I did it ^_^

One question...NumberOfRvaAndSizes...how can I manually calculate the number? I put 10 in because I checked another exe and it was 10 as well and I couldn't find any link between that number and the number of existing directories. I know that NumberOfRvaAndSizes isn't important for applications in order to run inside Windows but it's important for debuggers like Olly :D

Thanks in advance!

use ollyadvanced plugin to fix that

Number is always 10h I think.

At least I've never run over sth different, except if the files were protected.

greetz

It's possible to disable directories this way, IIRC UPack sets this value to something lower so it can use the data directory table for its own code/data without having Windows throw any error messages because of invalid data.

In theory Windows should parse any data dir with a non-zero RVA and Size (as long as it's inside the bounds given by NumOfRvaAndSizes). Being the smart OS it is, it does check most values for validity.

Olly just handles them differently than some versions of Windows (XP is somewhat more relaxed than earlier versions in this matter) and throws error messages where Windows doesn't :)

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.