Jump to content
Tuts 4 You

[unpackme] unpackme


mm10121991

Recommended Posts

Here ya go:

Clean dump everything returned to the original code and encryption removed as well as the macro.

http://www.2shared.c...TA7j2/dump.html

No keygen I'm not that kind of guy. Though one could easily rip the algo.

Was quite fun, not hard but it has everything for someone that wants to get introduced into unpacking. Simple redirected API's, a macro, obfuscated oep.

Not so much for the hardcore unpacker though.

Found it over @ arteam.. but seems raham beat me to it doing a clean unpack. ;)

regards,

q

dump.rar

Edited by Teddy Rogers
Attached file...
Link to comment

Well the oep obfuscation is only like 10 instructions interlaced with jumps. So that shouldn't be hard, simple manual copy paste. The other macro is a question of filtering out the useless functions and only retaining the original code which are only two/three instructions. It's obvious the PE header checking can be removed and then just dump the decrypted code to the exe.

  • Like 1
Link to comment
  • 4 months later...

1. For me the serial was: 484830


2. About the stolen OEP instructions was about 10 as mr. Q say :


 


 

PUSH EBP

MOV EBP,ESP

PUSH -0x1

PUSH 0x4050C0

PUSH 0x402678

MOV EAX,DWORD PTR FS:[0]

PUSH EAX

MOV DWORD PTR FS:[0],ESP

SUB ESP,0x58

PUSH 0x401242

 

Then i have 2 invalid imports:


GetDlgItemTextA

MessageBoxA

 

Short video attached.

The story.....rar

Edited by GIV
Link to comment
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...