Tuts 4 You

[unpackme] PESpin.v1.33



Posted

Normally I do not participate in these challenges, but I had nothing to do, so here is my unpacked :D


 


 


unpacked.rar

  • Like 1
Posted

@LCF-AT and @Silence ... Unpacked works 100%... I hope you all can make a tut to unpack this packer for a newbie like me :)

Posted

Hi,

OK, normally you don't really need a tutorial for this, but if you are a newbie then I could make a little exception in that case. :)

- Video
- Text Infos + details
- Res Tool
- Unpacked files

Just watch and read and try and if something is not clear then ask again.

greetz

Unpacking PESpin.v1.33 - No Specials.rar

  • Like 4
Posted (edited)

Hi

Thanks for the help, LCF-AT

Script for unpacking

       

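        //JJHACKER-Team-RePT

        // Clear software, memory and hardware breakpoints, then hide the debugger
        BC
        BPMC
        BPHWC
        DBH
        oep:
        var oep1
        var roep
        var VirtualProtect
        var stack1
        var eip1
        var eip2
        var eip3
        var dst1
        
        // Break inside kernel32!VirtualProtect (offset 19 past its start)
        gpa "VirtualProtect", "kernel32.dll"
        mov VirtualProtect, $RESULT
        add VirtualProtect, 19
        bp VirtualProtect
        ERUN
        sto
        // Search memory for the byte pattern that marks the jump to the OEP code
        findmem #6834F98CF2810424000EB60D684AAD4500#
        CMP $RESULT, 0
        JE Failed
        MOV oep1, $RESULT
        bp oep1
        bc VirtualProtect
        ERUN
        sto
        sto
        // The user reads the first stack value from the debugger and enters it
        ask "now read and insert your first    stack value here (example:00430734)"
        MOV stack1, $RESULT
        sto
        sto
        MOV eip1, eip
        // gci eip, DESTINATION
        // MOV dst1, $RESULT
        // Move EIP forward 6 bytes and fill 0A bytes there with NOPs (90)
        add eip, 06
        fill eip, 0A, 90
        MOV eip2, eip
        // Assemble "push <stack1>" followed by "call <eip1>" in the cleared space
        eval "push {stack1}"
        asm eip, $RESULT
        add eip, 05
        eval "call {eip1}"
        asm eip, $RESULT
        // Point EIP back at the rebuilt entry, analyse it and mark it as the OEP
        MOV eip, eip2
        an eip
        CMT eip, "<=== OEP , Dump it !!!!!!!!!"
        eval "OEP ==> {eip2}"
        MSG $RESULT
        ret

        // Reached when findmem does not locate the pattern
        Failed:
        msg "Error, Unknown"
        ret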

Edited by JJHACKER
  • Like 2
Posted

Thank you JJ.


This script is acceptable on VB targets only.


  • Like 1
Posted

@LCF-AT : your tutorial is great .. many thanks bro .... I hope I can learn much from you ..


 


@GIV : thanks so much .. so simple to unpack PESpin :)


 


@JJHACKER : Script works for me ... great script

Posted (edited)

Let's say that VB targets are in general easier to unpack than the rest of the compilers.


Edited by GIV
Posted

Let's say that VB targets are in general easier to unpack than the rest of the compilers.

 

that's a fair statement, in other compilers IAT is scattered..
