LCF-AT Posted June 30, 2008 Hello Mouradpr, ok I have unpacked this CrackMe. So I don
Angel-55 Posted June 30, 2008 i think u mean the Nice Protector RVA trick LCF ? ..... Mourad u better work on it much more dude, u gotta use serious improvements maybe u would like to check ap0x's source for RLpack it gives cool ideas
metr0 Posted June 30, 2008 Mourad u better work on it much more dude Really easy indeed... Agree, even though thanks for your effort. - Maybe an import protection for the next time?
high6 Posted July 2, 2008 What is the anti debug method called? Also, yay I managed to unpack an unpackme XD.
Steps: (I wish someone would post for others XD)
1. Fix the Data Directories NumberOfRvaAndSizes in the Optional Header.
2. Open the crackme in olly.
3. Step over until the first "Jump if not below (jnb)" and nop it or tick the "c" register.
4. Follow the jump below the jnb and breakpoint "jmp eax" and run.
5. Step over and you are at the oep.
6. Dump and crack XD.
Edited July 2, 2008 by high6
Unbekannt1 Posted July 12, 2008 Yay I did it. One question... NumberOfRvaAndSizes... how can I manually calculate the number? I put 10 in because I checked another exe and it was 10 as well and I couldn't find any link between that number and the number of existing directories. I know that NumberOfRvaAndSizes isn't important for applications in order to run inside Windows but it's important for debuggers like Olly. Thanks in advance!
Sonny27 Posted July 14, 2008 Number is always 10h I think. At least I've never run over sth different, except if the files were protected. greetz
Killboy Posted July 14, 2008 It's possible to disable directories this way, IIRC UPack sets this value to something lower so it can use the data directory table for its own code/data without having Windows throw any error messages because of invalid data. In theory Windows should parse any data dir with a non-zero RVA and Size (as long as it's inside the bounds given by NumOfRvaAndSizes). Being the smart OS it is, it does check most values for validity. Olly just handles them differently than some versions of Windows (XP is somewhat more relaxed than earlier versions in this matter) and throws error messages where Windows doesn't.
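
Added example, not part of any post in this thread: a Python triage check that reads NumberOfRvaAndSizes from a PE header and lists which data directories still fall inside its bounds, the effect Killboy describes. The function names, the constructed header stub and the choice to stop at the 16 standard slots are assumptions of this example.

```python
import struct

STANDARD_DIRS = 0x10  # IMAGE_NUMBEROF_DIRECTORY_ENTRIES in winnt.h
COUNT_OFFSET = {0x10B: 92, 0x20B: 108}  # NumberOfRvaAndSizes offset: PE32, PE32+

def data_directory_report(image: bytes) -> dict:
    """Read NumberOfRvaAndSizes and the directory entries it actually covers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in COUNT_OFFSET:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    count_at = opt + COUNT_OFFSET[magic]
    (declared,) = struct.unpack_from("<I", image, count_at)
    # Entries (8 bytes each) that physically fit in the optional header.
    end = min(opt + opt_size, len(image))
    room = max(0, (end - (count_at + 4)) // 8)
    # Assumption of this example: slots past the 16 standard ones are ignored.
    covered = min(declared, STANDARD_DIRS, room)
    present = {}
    for i in range(covered):
        rva, size = struct.unpack_from("<II", image, count_at + 4 + 8 * i)
        if rva or size:
            present[i] = (rva, size)  # index 1 is the import directory
    return {"declared": declared, "covered": covered,
            "anomalous": declared != STANDARD_DIRS, "present": present}

def build_sample(declared: int) -> bytes:
    """Constructed PE32 header stub for the demo (not a runnable executable)."""
    pe, opt = 0x40, 0x40 + 24
    buf = bytearray(opt + 224)  # 224 = 96 fixed bytes + 16 directory entries
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe + 20, 224)    # SizeOfOptionalHeader
    struct.pack_into("<H", buf, opt, 0x10B)      # PE32 magic
    struct.pack_into("<I", buf, opt + 92, declared)
    struct.pack_into("<II", buf, opt + 96 + 8, 0x2000, 0x50)  # import directory
    return bytes(buf)

if __name__ == "__main__":
    for n in (0x10, 1, 0xFFFFFFFF):
        print(hex(n), data_directory_report(build_sample(n)))
```

With the count lowered to 1, the import directory entry is still in the file but no longer inside the declared bounds, so it drops out of `present`.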