Jump to content
Tuts 4 You

[Unpack] PECompact v3.00.1


lolz2much

Recommended Posts

PEcompact 3.00.1 OEP Finder

        var temp
var rsrc
var imgb
var oep
GMI eip, MODULEBASE
mov imgb, $RESULT
find imgb, ".rsrc"
mov temp, $RESULT
add temp, C
mov rsrc, [temp]
add rsrc, imgb
find rsrc, #5A5E5F595B5DFFE0#
mov oep, $RESULT
add oep,6
bp oep
run
sti
cmt eip, "OEP"
ret
Link to comment

PEcompact 3.00.1 OEP Finder

        var temp
var rsrc
var imgb
var oep
GMI eip, MODULEBASE
mov imgb, $RESULT
find imgb, ".rsrc"
mov temp, $RESULT
add temp, C
mov rsrc, [temp]
add rsrc, imgb
find rsrc, #5A5E5F595B5DFFE0#
mov oep, $RESULT
add oep,6
bp oep
run
sti
cmt eip, "OEP"
ret

:o Too easy?

Edited by lolz2much
Link to comment

I have tried with RDG Packer Detector v0.6.6 2k8.exe and it detects PECompact 2.x or 2.7. Anyway unpack dlls is very difficult for me, all dumped dlls then won't work. may be OEP: 10012A36

Link to comment
  • 2 years later...

I know this is an ooooold topic, sorry for this, anyway, just playing with PECompact files I came across this post, so here is the 123 file rebuilt as a dll...

...and here is the revirgin module. All of this stuff will help for a new tut about completely reversing this packer. ;)

Best regards

Nacho_dj

123Revirgin.rar

123.rar

  • Like 1
Link to comment
  • 3 months later...
  • 2 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...