Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[unpackme] Obsidium 1.3.6.1

Teddy Rogers
Teddy Rogers
in UnPackMe

Featured Replies

  • Author

If anyone has finished with this unpackme and they want a little bit more fun here is another unpackme. It is the same version (1.3.6.1) with maximum protection features enabled but this one contains an encrypted overlay with "controlled access". You can download the unpackme from here:

http://rapidshare.com/files/130077264/UnPa...6.1_Overlay.zip

Ted.

easy way! ;) copy from TEMP folder in app foder

ffplay.exe ,SDL.dll ,pthreadGC2.dll, file.dat & command ffplay.exe file.dat :) )

  • Author

Lol! I don't think that was the intended approach... :rolleyes:

Ted.

May someone help me with my IAT script?

I already have a script for fixing Delphi IATs but this is C++ so a new one was needed.

This is the script:

var iat
var iatend
var apiaddress
var oep
var iatbasemov oep,eip
mov iat, 00460818		// edit iat begin here
mov iatend, 00460F2C		// edit iat end here
mov iatbase, 003D0000		// edit iat section here
add iatbase, 00100000
bphws 0047c931, "x"		// edit api holding place here (search for: 6A 01 50 6A 00 FF 76 04 FF 37 FF 53 54, enter the CALL, search for: 8B 04 90 03 C3 8B 55 F8 3B C2, use address: MOV EDX,DWORD PTR SS:[EBP-8])start:
mov apiaddress, [iat]
cmp apiaddress, iatbase	
ja next
mov eip, apiaddress
run
mov [iat], eax
rtr
sti
jmp nextnext:
add iat,4
cmp iat, iatend
je end
jmp startend:
mov eip,oep
ret

Should be clear, only thing I wanted to explain is this:

add iatbase, 00100000

There are some emulated APIs which addresses are way higher than those of the redirected ones.

I leave some out with increasing the redirection

Edited by Sonny27

May someone help me with my IAT script?

I already have a script for fixing Delphi IATs but this is C++ so a new one was needed.

This is the script:

var iat
var iatend
var apiaddress
var oep
var iatbasemov oep,eip
mov iat, 00460818		// edit iat begin here
mov iatend, 00460F2C		// edit iat end here
mov iatbase, 003D0000		// edit iat section here
add iatbase, 00100000
bphws 0047c931, "x"		// edit api holding place here (search for: 6A 01 50 6A 00 FF 76 04 FF 37 FF 53 54, enter the CALL, search for: 8B 04 90 03 C3 8B 55 F8 3B C2, use address: MOV EDX,DWORD PTR SS:[EBP-8])start:
mov apiaddress, [iat]
cmp apiaddress, iatbase	
ja next
mov eip, apiaddress
run
mov [iat], eax
rtr
sti
jmp nextnext:
add iat,4
cmp iat, iatend
je end
jmp startend:
mov eip,oep
ret

Should be clear, only thing I wanted to explain is this:

add iatbase, 00100000

There are some emulated APIs which addresses are way higher than those of the redirected ones.

I leave some out with increasing the redirection

Sorry, but may you explain that?

I don

Sorry, but may you explain that?

I don

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.