Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[unpackme] PESpin.v1.33

icky
icky
in UnPackMe

Featured Replies

Posted

Compiler : Visual basic


 


Plis make tutorial if u can unpack this :smilie3:


PESpin.v1.33.rar

@ icky

So I see no specials. :)

Just test it.

Only quickly unpacked.

greetz

PESpin.v1.33_Unpacked.rar

    •
    • Like 1

    Normally I do not participate to this challanges, but had nothing to do so here is my unpacked :D


     


     


    unpacked.rar

    •
    • Like 1
    • Author

    @LCF-AT and @Silence ... Unpacked work 100%... i hope u all can make tut to unpack this packer for newbie like me :)

    •
    • Thanks 1

    Hi,

    ok normaly you don't really need a tutorial for this but if you are a newbie then I could make a little exception in that case. :)

    - Video- Text Infos + details- Res Tool- Unpacked files
    Just watch and read and try and if something is not clear then ask again.

    greetz

    Unpacking PESpin.v1.33 - No Specials.rar

    •
    • Like 5
    • Thanks 1

    Here is a alternative method for OEP tracing.


     


    OEP PeSpin 1.33 VB5.rar

    •
    • Like 1

    Hi

    Thanks for help lcf-at

    Script for unpack

           

            //JJHACKER-Team-RePT

            BC
            BPMC
            BPHWC
            DBHoep:
            var oep1
            var roep
            var VirtualProtect
            var stack1
            var eip1
            var eip2
            var eip3
            var dst1
            
            gpa "VirtualProtect", "kernel32.dll"
            mov VirtualProtect, $RESULT
            add VirtualProtect, 19
            bp VirtualProtect
            ERUN
            sto
            findmem #6834F98CF2810424000EB60D684AAD4500#
            CMP $RESULT, 0
            JE Failed
            MOV oep1, $RESULT
            bp oep1
            bc VirtualProtect
            ERUN
            sto
            sto
            ask "now read and insert your first    stack value here (example:00430734)"
            MOV stack1, $RESULT
            sto
            sto
            MOV eip1, eip
            // gci eip, DESTINATION
            // MOV dst1, $RESULT
            add eip, 06
            fill eip, 0A, 90
            MOV eip2, eip
            eval "push {stack1}"
            asm eip, $RESULT
            add eip, 05
            eval "call {eip1}"
            asm eip, $RESULT
            MOV eip, eip2
            an eip
            CMT eip, "<=== OEP , Dump it !!!!!!!!!"
            eval "OEP ==> {eip2}"
            MSG $RESULT
             retFailed:    msg "Error, Unknown"    
            ret

    Edited by JJHACKER

    • Like 2

    Thank you JJ.


    This script is acceptable on VB targets only.


    •
    • Like 1
    • Author

    @LCF-AT : u tutorial is great .. many thanks bro .... i hope can learn much in u .. 


     


    @GIV : thanks so much .. so simple to unpack pespin :)


     


    @JJHACKER : Script work with me ... great script

    Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers.


    Edited by GIV

    Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers.

     

    that's a fair statement, in other compilers IAT is scattered..

    Thank you  cyberbob for your great protector.


    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.