Jump to content
Tuts 4 You

[unpackme] unpackme

mm10121991

By mm10121991
in UnPackMe

 Share

Recommended Posts

quosego

quosego

Posted
Posted (edited)

Here ya go:

Clean dump everything returned to the original code and encryption removed as well as the macro.

http://www.2shared.c...TA7j2/dump.html

No keygen I'm not that kind of guy. Though one could easily rip the algo.

Was quite fun, not hard but it has everything for someone that wants to get introduced into unpacking. Simple redirected API's, a macro, obfuscated oep.

Not so much for the hardcore unpacker though.

Found it over @ arteam.. but seems raham beat me to it doing a clean unpack. ;)

regards,

q

dump.rar

Edited by Teddy Rogers
Attached file...
Link to comment
Share on other sites
quosego

quosego

Posted
Posted

Well the oep obfuscation is only like 10 instructions interlaced with jumps. So that shouldn't be hard, simple manual copy paste. The other macro is a question of filtering out the useless functions and only retaining the original code which are only two/three instructions. It's obvious the PE header checking can be removed and then just dump the decrypted code to the exe.

  • Like 1
Link to comment
Share on other sites
  • 4 months later...
GIV

GIV

Posted
Posted (edited)

1. For me the serial was: 484830


2. About the stolen OEP instructions was about 10 as mr. Q say :


 


 

PUSH EBP

MOV EBP,ESP

PUSH -0x1

PUSH 0x4050C0

PUSH 0x402678

MOV EAX,DWORD PTR FS:[0]

PUSH EAX

MOV DWORD PTR FS:[0],ESP

SUB ESP,0x58

PUSH 0x401242

 

Then i have 2 invalid imports:


GetDlgItemTextA

MessageBoxA

 

Short video attached.

The story.....rar

Edited by GIV
Link to comment
Share on other sites
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...