Jump to content
Tuts 4 You

[Unpackme]LCGUnPackMe

thisistest

By thisistest
in UnPackMe

 Share

Recommended Posts

Zool@nder

Zool@nder

Posted
Posted

PEspin 1.32

use script to unpack then Spinano to fix nanomites

thisistest

thisistest

Posted
  • Author
Posted

0041A18A 8907 MOV DWORD PTR DS:[EDI],EAX

0041A18C EB 02 JMP SHORT LCGUnPac.0041A190

0041A18E 02F5 ADD DH,CH

0041A190 F9 STC

0041A191 72 08 JB SHORT LCGUnPac.0041A19B

0041C8FC 0000 ADD BYTE PTR DS:[EAX],AL

0041C8FE 0000 ADD BYTE PTR DS:[EAX],AL

0041C900 0000 ADD BYTE PTR DS:[EAX],AL

0041C902 0000 ADD BYTE PTR DS:[EAX],AL

0041C904 0000 ADD BYTE PTR DS:[EAX],AL

0041C906 0000 ADD BYTE PTR DS:[EAX],AL

0041C908 0000 ADD BYTE PTR DS:[EAX],AL

0041C90A 0000 ADD BYTE PTR DS:[EAX],AL

0041C90C 0000 ADD BYTE PTR DS:[EAX],AL

0041C90E 0000 ADD BYTE PTR DS:[EAX],AL

0041C910 0000 ADD BYTE PTR DS:[EAX],AL

0041C912 0000 ADD BYTE PTR DS:[EAX],AL

0041C914 0000 ADD BYTE PTR DS:[EAX],AL

0041C916 0000 ADD BYTE PTR DS:[EAX],AL

3E 8B 44 24 C4 3E 2B 44 24 C8 89 07 E9 3E D8 FF FF

0041C8FC 3E:8B4424 C4 MOV EAX,DWORD PTR DS:[ESP-3C] ; ntdll.7C930041

0041C901 3E:2B4424 C8 SUB EAX,DWORD PTR DS:[ESP-38]

0041C906 8907 MOV DWORD PTR DS:[EDI],EAX

0041C908 ^ E9 83D8FFFF JMP LCGUnPac.0041A190

0041C90D 90 NOP

0041ACF7 55 PUSH EBP 1

0041ACF8 EB 01 JMP SHORT LCGUnPac.0041ACFB

0041ACFA 288B ECEB01E1 SUB BYTE PTR DS:[EBX+E101EBEC],CL

0041ACFB 8BEC MOV EBP,ESP 2

0041ACFD EB 01 JMP SHORT LCGUnPac.0041AD00

0041ACFF E1 6A LOOPDE SHORT LCGUnPac.0041AD6B

0041AD00 6A FF PUSH -1 3

0041AD02 EB 01 JMP SHORT LCGUnPac.0041AD05

0041AD04 1D 680C9F19 SBB EAX,199F0C68

0041AD05 68 0C9F1948 PUSH 48199F0C

0041AD0A 812C24 FC4DD947 SUB DWORD PTR SS:[ESP],47D94DFC

0041AD11 68 9166D60A PUSH 0AD66691

0041AD16 812C24 2941960A SUB DWORD PTR SS:[ESP],0A964129

0012FFD4 00402568 LCGUnPac.00402568

0012FFD8 00405110 LCGUnPac.00405110

0012FFDC FFFFFFFF

0041AD1D 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] 6

0041AD23 EB 01 JMP SHORT LCGUnPac.0041AD26

0041AD26 50 PUSH EAX 7

0041AD27 EB 01 JMP SHORT LCGUnPac.0041AD2A

0041AD29 216489 25 AND DWORD PTR DS:[ECX+ECX*4+25],ESP

0041AD2A 64:8925 00000000 MOV DWORD PTR FS:[0],ESP 8

0041AD31 EB 01 JMP SHORT LCGUnPac.0041AD34

0041AD33 67:83EC 58 SUB ESP,58 ; Superfluous prefix

0041AD34 83EC 58 SUB ESP,58 9

0041AD37 EB 01 JMP SHORT LCGUnPac.0041AD3A

0041AD3A 53 PUSH EBX 10

0041AD3B EB 01 JMP SHORT LCGUnPac.0041AD3E

0041AD3E 56 PUSH ESI 11 ; ntdll.7C930228

0041AD3F EB 01 JMP SHORT LCGUnPac.0041AD42

0041AD42 57 PUSH EDI 12 ; KERNEL32.7C816FE7

0041AD43 EB 01 JMP SHORT LCGUnPac.0041AD46

0041AD46 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP 13

0041AD49 EB 01 JMP SHORT LCGUnPac.0041AD4C

0041AD4C FF15 BDDE4100 CALL DWORD PTR DS:[41DEBD] 14 ; KERNEL32.GetVersion

0041AD52 EB 01 JMP SHORT LCGUnPac.0041AD55

0041AD55 33D2 XOR EDX,EDX 15

0041AD57 EB 01 JMP SHORT LCGUnPac.0041AD5A

0041AD5A 8AD4 MOV DL,AH 16

0041AD5C EB 01 JMP SHORT LCGUnPac.0041AD5F

0041AD5F 8915 90854000 MOV DWORD PTR DS:[408590],EDX

0041AD65 EB 01 JMP SHORT LCGUnPac.0041AD68

0041AD68 8BC8 MOV ECX,EAX

0041AD6A EB 01 JMP SHORT LCGUnPac.0041AD6D

0041AD6D 81E1 FF000000 AND ECX,0FF

0041AD73 EB 01 JMP SHORT LCGUnPac.0041AD76

0041AD76 890D 8C854000 MOV DWORD PTR DS:[40858C],ECX

0041AD7C EB 01 JMP SHORT LCGUnPac.0041AD7F

0041AD7F C1E1 08 SHL ECX,8

0041AD82 EB 01 JMP SHORT LCGUnPac.0041AD85

0041AD85 - E9 5A6BFEFF JMP LCGUnPac.004018E4

0041AD8A DF ??? ; Unknown command

0041AD8B 0FA7 ??? ; Unknown command

0041AD8D 3D 8E5A1FFC CMP EAX,FC1F5A8E

004018E4 8DC0 LEA EAX,EAX oep near ; Illegal use of register

004018E6 890D 88854000 MOV DWORD PTR DS:[408588],ECX

004018EC C1E8 10 SHR EAX,10

004018EF A3 84854000 MOV DWORD PTR DS:[408584],EAX

004018F4 33F6 XOR ESI,ESI ; ntdll.7C930228

004018F6 56 PUSH ESI ; ntdll.7C930228

004018F7 E8 E4E8FFFF CALL LCGUnPac.004001E0

004018FC 59 POP ECX ; KERNEL32.7C816FE7

0040189D 0000 ADD BYTE PTR DS:[EAX],AL oep

0040189F 0000 ADD BYTE PTR DS:[EAX],AL

004018A1 0000 ADD BYTE PTR DS:[EAX],AL

004018A3 0000 ADD BYTE PTR DS:[EAX],AL

004018A5 0000 ADD BYTE PTR DS:[EAX],AL

55 8B EC 6A FF 68 10 51 40 00 68 68 25 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58

53 56 57 89 65 E8 FF 15 BD DE 41 00 33 D2 8A D4 89 15 90 85 40 00 8B C8 81 E1 FF 00 00 00 89 0D

8C 85 40 00 C1 E1 08 90

oep

GROUPBOX "考核要求", -1, 2, 43, 185, 63

LTEXT "一:必须要亲自手动脱壳!", -1, 8, 53, 137, 9

LTEXT "二:不准使用他人的脱壳机和脚本!", -1, 8, 64, 133, 8

LTEXT "三:不准与他人讨论或泄漏考题!", -1, 8, 77, 137, 8

LTEXT "四:需要提交详细的脱壳分析文档!", -1, 8, 90, 138, 10

ICON 102, 1000, 15, 110, 20, 20

PUSHBUTTON "吾爱破解技术论坛", 1001, 108, 111, 79, 19

CONTROL 105, 1002, "STATIC", SS_BITMAP | WS_BORDER, 0, 1, 189, 40

iat.txt

frozenrain

frozenrain

Posted
Posted

hi thisistest

Do you want to join LCG,How did you get this program?

thx

Hmily

Hmily

Posted
Posted

他是中国人,不用说英文了,看他传的iat附件可以看到路径名......

thisistest

thisistest

Posted
  • Author
Posted

你很聪明!我们是一家人!

You are very clever! We are family!

thisistest

thisistest

Posted
  • Author
Posted

I believe that the snd very strong! No matter where as long as it learned something!

  • 1 month later...
iat

iat

Posted
Posted

我也是中国人,看到大家真高兴。

  • 2 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...