Tuts 4 You

[unpackme] UnPackMe Obsidium 1.4.6.0 DEMO


converse

Teddy Rogers

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

Hi,

Here is my unpacked file. Just test and tell. So I see just some little changes, but not much about the stuff which you have enabled [IAT only]. It's also just a little more obfuscated [lots of jumps] etc.

-----------------------

level: 2 of 10

-----------------------

PS: Disable DRx / restart & run

greetz

unpackme_obsidium_1.4.6.0_Unpacked.rar

Hi LCF-AT,

Good.

Well, I wrote a demo version that is packed to the max.

PS: Disable DRx / restart & run greetz

Can there be more? What plugins to use? With what options, etc.

Add: As always very good, but I want to hear the details or see a video on manual unpacking.

Just check the main page and search for it to find some tutorials.

Plugins as always, so just disable DRx and work with soft BPs. Remember that CRC checks are also used.

So you know that you only need to fix the IAT, and there you can use 2 methods: prevent writing the redirection, or get the IAT after you have stopped at the OEP. The second way is simpler and easier to handle, so you only need to catch the place where it reads the DLL exports. Find the right code part [use mem BP / Olly trace etc.] and then check it, and you will quickly find the place where you see all APIs in a register, which you can then move into your IAT locations.

Hint: If you have found the right place, then also set a BP at the end of the routine. If you break at the end and not at the place where it got the API, then it means that your IAT ADDR [ADDR | >>IAT ADDR<<] is no API = 00 DWORD, so fill it with a 00 DWORD, and next comes the next module block. So for this you can write a very simple script.

greetz

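The IAT rebuild described in the post above, as an added Python example that is not from this thread (the post has an OllyDbg script in mind; this just shows the same logic offline). It assumes you already logged, at the resolve routine's breakpoint, which IAT slot was being processed and which API address was in the register; a slot with no hit is the "broke at the end of the routine" case and becomes a 00 DWORD that ends a module block. The export map, slot addresses and API addresses below are constructed, not real values from the unpackme.

```python
import struct

# Constructed export map: API address -> (module, export name). In a real
# session you take these from the register at the resolve routine.
EXPORTS = {
    0x7C801D7B: ("kernel32.dll", "LoadLibraryA"),
    0x7C80AE30: ("kernel32.dll", "GetProcAddress"),
    0x7C80ADA0: ("kernel32.dll", "ExitProcess"),
    0x77D5050B: ("user32.dll", "MessageBoxA"),
}

# Constructed breakpoint log: (IAT slot address, API address seen in the register).
# Slots 0x0040200C and 0x00402014 have no hit: the routine ended without
# resolving, so they are the 00 DWORD terminators between module blocks.
HITS = [
    (0x00402000, 0x7C801D7B),
    (0x00402004, 0x7C80AE30),
    (0x00402008, 0x7C80ADA0),
    (0x00402010, 0x77D5050B),
]

IAT_BASE = 0x00402000   # constructed IAT location in the dump
IAT_SIZE = 0x18         # six DWORD slots


def rebuild_iat(iat_base, iat_size, hits, exports):
    """Walk every DWORD slot of the IAT region.

    Slots with a logged hit get the API address written back; slots without a
    hit are filled with 0, which also splits the table into module blocks.
    Returns (raw little-endian bytes of the rebuilt IAT, list of blocks), where
    each block is a list of (module, name) tuples in slot order.
    """
    resolved = dict(hits)
    words = []
    for slot in range(iat_base, iat_base + iat_size, 4):
        api = resolved.get(slot, 0)
        # Sanity check: a value we intend to keep must be a known export,
        # otherwise it is still a redirected stub and the log is incomplete.
        if api and api not in exports:
            raise ValueError(f"slot {slot:#010x}: {api:#010x} is not a known export")
        words.append(api)

    blocks, current = [], []
    for w in words:
        if w == 0:
            if current:
                blocks.append(current)
                current = []
        else:
            current.append(exports[w])
    if current:
        blocks.append(current)

    raw = b"".join(struct.pack("<I", w) for w in words)
    return raw, blocks


def block_modules(blocks):
    """Each block must come from exactly one DLL; return the module per block."""
    modules = []
    for block in blocks:
        mods = {module for module, _ in block}
        if len(mods) != 1:
            raise ValueError(f"mixed modules in one block: {sorted(mods)}")
        modules.append(mods.pop())
    return modules


if __name__ == "__main__":
    raw, blocks = rebuild_iat(IAT_BASE, IAT_SIZE, HITS, EXPORTS)
    for module, block in zip(block_modules(blocks), blocks):
        print(module)
        for _, name in block:
            print("   ", name)
    print(raw.hex())
```

The zero-filled slots are what lets an import rebuilder treat the region as separate module blocks; the `block_modules` check is the quick way to spot a slot that was assigned to the wrong DLL before you trust the rebuilt table.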