icky Posted January 31, 2013 Share Posted January 31, 2013 Compiler : Visual basic Plis make tutorial if u can unpack this PESpin.v1.33.rar Link to comment Share on other sites More sharing options...
LCF-AT Posted January 31, 2013 Share Posted January 31, 2013 @ icky So I see no specials. Just test it. Only quickly unpacked. greetz PESpin.v1.33_Unpacked.rar 1 Link to comment Share on other sites More sharing options...
DeadAndGone Posted January 31, 2013 Share Posted January 31, 2013 Normally I do not participate to this challanges, but had nothing to do so here is my unpacked unpacked.rar 1 Link to comment Share on other sites More sharing options...
icky Posted February 1, 2013 Author Share Posted February 1, 2013 @LCF-AT and @Silence ... Unpacked work 100%... i hope u all can make tut to unpack this packer for newbie like me Link to comment Share on other sites More sharing options...
LCF-AT Posted February 2, 2013 Share Posted February 2, 2013 Hi, ok normaly you don't really need a tutorial for this but if you are a newbie then I could make a little exception in that case. - Video- Text Infos + details- Res Tool- Unpacked filesJust watch and read and try and if something is not clear then ask again.greetz Unpacking PESpin.v1.33 - No Specials.rar 4 Link to comment Share on other sites More sharing options...
GIV Posted February 3, 2013 Share Posted February 3, 2013 Here is a alternative method for OEP tracing. OEP PeSpin 1.33 VB5.rar 1 Link to comment Share on other sites More sharing options...
JJHACKER Posted February 4, 2013 Share Posted February 4, 2013 (edited) HiThanks for help lcf-atScript for unpack //JJHACKER-Team-RePT BC BPMC BPHWC DBHoep: var oep1 var roep var VirtualProtect var stack1 var eip1 var eip2 var eip3 var dst1 gpa "VirtualProtect", "kernel32.dll" mov VirtualProtect, $RESULT add VirtualProtect, 19 bp VirtualProtect ERUN sto findmem #6834F98CF2810424000EB60D684AAD4500# CMP $RESULT, 0 JE Failed MOV oep1, $RESULT bp oep1 bc VirtualProtect ERUN sto sto ask "now read and insert your first stack value here (example:00430734)" MOV stack1, $RESULT sto sto MOV eip1, eip // gci eip, DESTINATION // MOV dst1, $RESULT add eip, 06 fill eip, 0A, 90 MOV eip2, eip eval "push {stack1}" asm eip, $RESULT add eip, 05 eval "call {eip1}" asm eip, $RESULT MOV eip, eip2 an eip CMT eip, "<=== OEP , Dump it !!!!!!!!!" eval "OEP ==> {eip2}" MSG $RESULT retFailed: msg "Error, Unknown" ret Edited February 4, 2013 by JJHACKER 2 Link to comment Share on other sites More sharing options...
GIV Posted February 4, 2013 Share Posted February 4, 2013 Thank you JJ.This script is acceptable on VB targets only. 1 Link to comment Share on other sites More sharing options...
icky Posted February 4, 2013 Author Share Posted February 4, 2013 @LCF-AT : u tutorial is great .. many thanks bro .... i hope can learn much in u .. @GIV : thanks so much .. so simple to unpack pespin @JJHACKER : Script work with me ... great script Link to comment Share on other sites More sharing options...
GIV Posted February 5, 2013 Share Posted February 5, 2013 (edited) Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers. Edited February 5, 2013 by GIV Link to comment Share on other sites More sharing options...
cyberbob Posted February 5, 2013 Share Posted February 5, 2013 Let's say that VB targets are in genere more easyer to unpack than the rest of the compilers. that's a fair statement, in other compilers IAT is scattered.. Link to comment Share on other sites More sharing options...
GIV Posted February 5, 2013 Share Posted February 5, 2013 Thank you cyberbob for your great protector. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now