Hello all, welcome to my first unpackme. It won't make your code smaller though, it's more of a protector. The attached file is a simple window. The goal is to restore the .exe to its original transparent state, and if it were a real app it could then be reversed.

Compiler: mingw
Name: simple
Difficulty: 1 or 1.5 / 10, no anti reversing/debug

Feedback is welcome, do enjoy and thank you for reversing!


SimpleUnpackMe.rar

Edited by simple

{post removed, as incorrect unpackme was uploaded by author}

Edited by kao

  • Author

For some reason the correct unpackme was not being shown kao, No idea whose file that is but the file you just reversed wasn't mine!

Just to make sure, the program is a simple, empty window, no buttons, text boxes, etc, and in the caption of the window it says "Restore .exe to original state". If it's a program that does anything else, it isn't mine.

dm35g.jpg

Edited by simple

For some reason you uploaded the wrong file? :D http://forum.tuts4you.com/index.php?app=core&module=attach&section=attach&attach_id=9565 - this was the link in your original post and the file was unpackme.rar (15438 bytes). Inside it there was unpackme.exe (22528 bytes) - that's what I unpacked.

As for your "proper" unpackme - there's a small bug at address 401CA5. I'll look more into it tomorrow.

  • Author

Sorry about that kao, reversed the problem and my generic naming scheme failed me.

Any ideas for fixing that bug? It might still run ok on win7.

EDIT - Sorry if you were one of the 3 or 4 people who downloaded the incorrect crackme I posted, please confirm with the pic I posted.

Edited by simple

Worked on Win7 x64, _SetMode never called. Fixed stolen bytes from OEP. Corrected imports, replaced the JMPs to the corrected CALLs. Didn't zero out any of the excess code. Thx

edit add:

In ref to 401CA5 for _SetMode

00401CA5   .  C605 B01A4000 34    MOV     BYTE PTR [401AB0], 34
should've been
00401CA5   .  C605 B21A4000 34    MOV     BYTE PTR [401AB2], 34

reuploaded and removed the excess code. The EOF data could be wiped out and cut down the file to 7KB

UnpackMe_fix_.rar

Edited by redblkjck
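
The 401CA5 fix discussed in the post above, as an added example (not code from the thread or from the unpackme): it decodes the quoted instruction bytes and shows which single byte changes when the write target moves from 401AB0 to 401AB2. The function names are hypothetical; the instruction bytes and addresses are the ones quoted in the post.

```python
import struct

# Constructed sample: the 7 instruction bytes quoted in the post for VA 0x401CA5.
INSN_VA = 0x401CA5
ORIGINAL = bytes.fromhex("C605B01A400034")


def decode_mov_byte_abs(insn: bytes):
    """Decode `MOV BYTE PTR [disp32], imm8` (opcode C6 /0, ModRM 05).

    Returns (target_va, imm8); raises ValueError for any other encoding.
    """
    if len(insn) != 7 or insn[0] != 0xC6 or insn[1] != 0x05:
        raise ValueError("not a C6 05 disp32 imm8 instruction")
    (target,) = struct.unpack_from("<I", insn, 2)  # disp32 is little-endian
    return target, insn[6]


def retarget(insn: bytes, new_target: int) -> bytes:
    """Return a copy of the instruction that writes to new_target instead."""
    decode_mov_byte_abs(insn)  # validate the encoding before patching
    return insn[:2] + struct.pack("<I", new_target) + insn[6:]


def changed_bytes(old: bytes, new: bytes, base_va: int):
    """List (va, old_byte, new_byte) for every byte that differs."""
    return [(base_va + i, a, b)
            for i, (a, b) in enumerate(zip(old, new)) if a != b]


if __name__ == "__main__":
    fixed = retarget(ORIGINAL, 0x401AB2)
    for label, insn in (("before", ORIGINAL), ("after ", fixed)):
        target, imm = decode_mov_byte_abs(insn)
        print(f"{label}: {insn.hex(' ').upper()}  "
              f"MOV BYTE PTR [{target:X}], {imm:X}")
    for va, a, b in changed_bytes(ORIGINAL, fixed, INSN_VA):
        print(f"patch at VA {va:08X}: {a:02X} -> {b:02X}")
```

Only the low byte of the little-endian displacement differs, so the correction is a one-byte patch two bytes into the instruction.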

My version attached, imports & API calls fixed, most of junk code removed.

Note - you probably messed up import of "signal" API (00401037, 00401094, etc..), I fixed it manually, even though your code never touches it.

unpackme_patched.rar

  • Author

I just obfuscated the 4 signal calls for the heck of it. Great work kao and redblkjck, thanks for reversing.

