sezar21m Posted September 1, 2009 Posted September 1, 2009 hi. Here is a new unpackme protected with themida 2.4 WITH MASTERPIECE you ENTOURAGE amunpack_me.rar
EvOlUtIoN Posted September 1, 2009 Posted September 1, 2009 (edited) Yeah, it is probably 2.0.4.0 or 2.0.5.0, also latest antidump are not present (and useless since after OEP VM is never executed).Anyway here is unpacked and rebuilt file, except .mackt section and some realign this is just like original one.Themida sections are gone, OEP is fully rebuilt.unpacked_final.zip Edited September 1, 2009 by EvOlUtIoN 1
LCF-AT Posted September 3, 2009 Posted September 3, 2009 Hi,Remove the access violation hook {also the customs if set} and let the unpacked file run from the VM OEP.Now you will break at the AV.Now have a look at the pane window and register there you can see the address what it tries to read.So you will see the mem_address+DWORD is not there in your unpacked file so you have to fix this one with the right DWORD so the mem_address is not important in this case.Now if you not have closed your first Olly then have a look at the mem_address and see the right DWORD which you need for your unpacked file.You can also find this mem_address in your unpacked file in the TM section.So in this unpackme the address is dynamic and in other app
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now