SmilingWolf Posted September 5, 2012 Posted September 5, 2012 UnpackMe Language: MASM32 Packers: FastPack32 1.7 Have fun FastPack32.1.7.UnpackMe-STC.zip 1
Apuromafo Posted September 5, 2012 Posted September 5, 2012 (edited) unpack script for writefileA/resume... http://tuts4you.com/...d.php?view.2457 in the dumped.exe edit the oep to be 00401735 with lord pe or CFF explorer unpacked_file_unwrapped_idea_apuromafo.rar checking:post was unpacked, checking in the board the same name and was founded the script by LCF with tutorial, interesting reversing script+tut for version 1.2 (funtional in 1.7) http://forum.tuts4you.com/topic/29891-unpacking-fastpack32-12-extras/ Edited September 5, 2012 by Apuromafo
SmilingWolf Posted September 5, 2012 Author Posted September 5, 2012 (edited) It works! Nice shot EDIT 1: Just as a "pro tip": The OEP is stored in EDX after these loops: 00401350 |> /AD /LODS DWORD PTR DS:[ESI]00401351 |. |2BD0 |SUB EDX,EAX00401353 |.^\E2 FB \LOOPD SHORT FastPack.0040135000401355 |. 8B03 MOV EAX,DWORD PTR DS:[EBX]00401357 |> 3B03 /CMP EAX,DWORD PTR DS:[EBX]00401359 |.^74 FC \JE SHORT FastPack.00401357 Greets EDIT 2: D'oh! Didn't notice the tut from LCF! Well, thanks fot the tip This way we have more solutions to one problem, which is great Edited September 5, 2012 by SmilingWolf
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now