Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Compiler : Visual basic


 


Plis make tutorial if u can unpack this :smilie3:


PESpin.v1.33.rar

@ icky

So I see no specials. :)

Just test it.

Only quickly unpacked.

greetz

PESpin.v1.33_Unpacked.rar

Normally I do not participate to this challanges, but had nothing to do so here is my unpacked :D


 


 


unpacked.rar

  • Author

@LCF-AT and @Silence ... Unpacked work 100%... i hope u all can make tut to unpack this packer for newbie like me :)

Hi,

ok normaly you don't really need a tutorial for this but if you are a newbie then I could make a little exception in that case. :)

- Video- Text Infos + details- Res Tool- Unpacked files
Just watch and read and try and if something is not clear then ask again.

greetz

Unpacking PESpin.v1.33 - No Specials.rar

Here is a alternative method for OEP tracing.


 


OEP PeSpin 1.33 VB5.rar

Hi

Thanks for help lcf-at

Script for unpack

       

        //JJHACKER-Team-RePT

        BC
        BPMC
        BPHWC
        DBHoep:
        var oep1
        var roep
        var VirtualProtect
        var stack1
        var eip1
        var eip2
        var eip3
        var dst1
        
        gpa "VirtualProtect", "kernel32.dll"
        mov VirtualProtect, $RESULT
        add VirtualProtect, 19
        bp VirtualProtect
        ERUN
        sto
        findmem #6834F98CF2810424000EB60D684AAD4500#
        CMP $RESULT, 0
        JE Failed
        MOV oep1, $RESULT
        bp oep1
        bc VirtualProtect
        ERUN
        sto
        sto
        ask "now read and insert your first    stack value here (example:00430734)"
        MOV stack1, $RESULT
        sto
        sto
        MOV eip1, eip
        // gci eip, DESTINATION
        // MOV dst1, $RESULT
        add eip, 06
        fill eip, 0A, 90
        MOV eip2, eip
        eval "push {stack1}"
        asm eip, $RESULT
        add eip, 05
        eval "call {eip1}"
        asm eip, $RESULT
        MOV eip, eip2
        an eip
        CMT eip, "<=== OEP , Dump it !!!!!!!!!"
        eval "OEP ==> {eip2}"
        MSG $RESULT
         retFailed:    msg "Error, Unknown"    
        ret

Edited by JJHACKER

Thank you JJ.


This script is acceptable on VB targets only.


  • Author

@LCF-AT : u tutorial is great .. many thanks bro .... i hope can learn much in u .. 


 


@GIV : thanks so much .. so simple to unpack pespin :)


 


@JJHACKER : Script work with me ... great script

Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers.


Edited by GIV

Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers.

 

that's a fair statement, in other compilers IAT is scattered..

Thank you  cyberbob for your great protector.


Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.