lolz2much Posted September 14, 2009 Posted September 14, 2009 Hello, here i share with you a packed file.PECompact v3.00.11-Unpack it2-(Optional) Enable button to show the hidden mesage.Greetz.PEC300.rar 1
Vovan666 Posted September 14, 2009 Posted September 14, 2009 PEcompact 3.00.1 OEP Finder var temp var rsrc var imgb var oep GMI eip, MODULEBASE mov imgb, $RESULTfind imgb, ".rsrc"mov temp, $RESULTadd temp, Cmov rsrc, [temp] add rsrc, imgb find rsrc, #5A5E5F595B5DFFE0# mov oep, $RESULT add oep,6 bp oep run sti cmt eip, "OEP" ret
lolz2much Posted September 14, 2009 Author Posted September 14, 2009 (edited) PEcompact 3.00.1 OEP Finder var temp var rsrc var imgb var oep GMI eip, MODULEBASE mov imgb, $RESULTfind imgb, ".rsrc"mov temp, $RESULTadd temp, Cmov rsrc, [temp] add rsrc, imgb find rsrc, #5A5E5F595B5DFFE0# mov oep, $RESULT add oep,6 bp oep run sti cmt eip, "OEP" ret Too easy? Edited September 14, 2009 by lolz2much
Loki Posted September 14, 2009 Posted September 14, 2009 PECompact isnt meant to be hard to unpack..... its a packer, not a protector.Basic ESP trick + import rebuild should usually sort it.
lolz2much Posted September 14, 2009 Author Posted September 14, 2009 And could you say me what is the packer of "123.flt" (Is a dll) But PeID can't recognise it.Thanks.123.rar
Loki Posted September 14, 2009 Posted September 14, 2009 Have you tried the other detectors?Protection ID is your best bet.
lolz2much Posted September 14, 2009 Author Posted September 14, 2009 I have tried with RDG Packer Detector v0.6.6 2k8.exe and it detects PECompact 2.x or 2.7. Anyway unpack dlls is very difficult for me, all dumped dlls then won't work. may be OEP: 10012A36
Nacho_dj Posted October 30, 2011 Posted October 30, 2011 I know this is an ooooold topic, sorry for this, anyway, just playing with PECompact files I came across this post, so here is the 123 file rebuilt as a dll... ...and here is the revirgin module. All of this stuff will help for a new tut about completely reversing this packer. Best regards Nacho_dj 123Revirgin.rar 123.rar 1
Zhaobo Posted February 9, 2012 Posted February 9, 2012 (edited) Borland Delphi 4.0OEP=667DC Edited February 9, 2012 by Zhaobo
Pr0c3ss Posted February 23, 2014 Posted February 23, 2014 (edited) hi bro Unpacked Filedump_.zip Edited February 23, 2014 by Pr0c3ss
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now