Jump to content
Tuts 4 You

[UnpackMe] simple unpackme v0.1

simple

By simple
in UnPackMe

 Share

Recommended Posts

simple

simple

Posted
Posted (edited)

Hello all, welcome to my first unpackme. It won't make your code smaller though, it's more of a protector. The attached file is a simple window. The goal is to restore the .exe to it's original transparent state, and if it were a real app it could then be reversed.


 


Compiler: mingw


Name: simple


Difficulty: 1 or 1.5 / 10, no anti reversing/debug


 


Feedback is welcome, do enjoy and thank you for reversing!


SimpleUnpackMe.rar

Edited by simple
Link to comment
Share on other sites
simple

simple

Posted
  • Author
Posted (edited)

For some reason the correct unpackme was not being shown kao, No idea who's file that is but the file you just reversed wasn't mine!


 


Just to make sure, the program is a simple, empty window, no buttons, text boxes, etc, and in the caption of the window it says "Restore .exe to original state". If it's a program that does anything else, it isn't mine.


 


dm35g.jpg

Edited by simple
Link to comment
Share on other sites
kao

kao

Posted
Posted

For some reason you uploaded the wrong file? :Dhttp://forum.tuts4you.com/index.php?app=core&module=attach&section=attach&attach_id=9565 - this was the link in your original post and the file was unpackme.rar (15438 bytes). Inside it there was unpackme.exe (22528 bytes) - that's what I unpacked.

As for your "proper" unpackme - there's a small bug at address 401CA5. I'll look more into it tomorrow.

Link to comment
Share on other sites
simple

simple

Posted
  • Author
Posted (edited)

Sorry about that kao, reversed the problem and my generic naming scheme failed me.


 


Any ideas for fixing that bug? It might still run ok on win7. 


 


EDIT - Sorry if you were one of the 3 or 4 people who downloaded the incorrect crackme I posted, please confirm with the pic I posted.


Edited by simple
Link to comment
Share on other sites
redblkjck

redblkjck

Posted
Posted (edited)

Worked on Win7 x64, _SetMode never called.  Fixed stolen bytes from OEP.   Corrected imports, replaced the JMPs to the corrected CALLs.   Didn't zero out any of the excess code.  Thx
 

edit add:

In ref to 401CA5 for _SetMode

00401CA5                             .  C605 B01A4000 34    MOV     BYTE PTR [401AB0], 34
should've been
00401CA5                             .  C605 B01A4000 34    MOV     BYTE PTR [401AB2], 34

 

reuploaded and removed the excess code.  The EOF data could be wiped out and cut down the file to 7KB

UnpackMe_fix_.rar

Edited by redblkjck
Link to comment
Share on other sites
kao

kao

Posted
Posted

My version attached, imports & API calls fixed, most of junk code removed.

Note - you probably messed up import of "signal" API (00401037, 00401094, etc..), I fixed it manually, even though your code never touches it.

unpackme_patched.rar

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...