Asian Dragon Posted May 2, 2013
UnpackMe VMprotect Ultimate v2.12.3
crackme.vmp.rar
converse Posted May 2, 2013 (edited)
unpacked using a script by lcf-at
0040124D  0BC0           OR EAX,EAX
0040124F  75 16          JNZ SHORT crackme_.00401267
00401251  6A 00          PUSH 0x0
00401253  68 7E304000    PUSH crackme_.0040307E              ; ASCII "Correct!"
00401258  68 5E304000    PUSH crackme_.0040305E              ; ASCII "You entered the right password!"
0040125D  FF75 08        PUSH DWORD PTR SS:[EBP+0x8]
00401260  E8 8D000000    CALL crackme_.004012F2
00401265  EB 21          JMP SHORT crackme_.00401288
00401267  6A 00          PUSH 0x0
00401269  68 87304000    PUSH crackme_.00403087              ; ASCII "Nope!"
0040126E  68 8D304000    PUSH crackme_.0040308D              ; ASCII "Maybe, you should try again, it's sooo easy!!"
00401273  FF75 08        PUSH DWORD PTR SS:[EBP+0x8]
00401276  E8 77000000    CALL crackme_.004012F2
Edited May 2, 2013 by converse
Asian Dragon Posted May 2, 2013 Author
@converse OK, after unpacking, the file does not work. How to fix?
TomaHawk Posted May 2, 2013
OEP rebuild like? Look at the stack when you reach oep. Mostly the first value there is the code the rebuild oep.
Asian Dragon Posted May 2, 2013 Author
thank you TomaHawk and converse. I will try now
av999 Posted May 2, 2013
needed example of code near OEP for this compiler (win32asm)
1st call - GetModuleHandleA
Teddy Rogers Posted May 2, 2013
The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thank you! [This is an automated reply]
converse Posted June 11, 2013
Do you get high mate? Why the password is ?
0040122C  6A 1E          PUSH 0x1E
0040122E  68 37304000    PUSH crackme_.00403037
00401233  FF35 04314000  PUSH DWORD PTR DS:[0x403104]
00401239  E8 A2000000    CALL crackme_.004012E0
0040123E  68 55304000    PUSH crackme_.00403055              ; ASCII "cannabis"
00401243  68 37304000    PUSH crackme_.00403037
00401248  E8 E7000000    CALL crackme_.00401334
converse Posted June 16, 2013
rebuild OEP
Push 0          // Handle for GMHA API | 0 used for target itself
CALL 00D70072   // Here my call to jmp dword [ADDR] ; GetModuleHandleA
jmp 00489A47    // Jump back to return value after API
P.S. thanks LCF-AT
unpacked.rar