May 2, 2013

unpacked using a script by lcf-at

0040124D 0BC0 OR EAX,EAX
0040124F 75 16 JNZ SHORT crackme_.00401267
00401251 6A 00 PUSH 0x0
00401253 68 7E304000 PUSH crackme_.0040307E ; ASCII "Correct!"
00401258 68 5E304000 PUSH crackme_.0040305E ; ASCII "You entered the right password!"
0040125D FF75 08 PUSH DWORD PTR SS:[EBP+0x8]
00401260 E8 8D000000 CALL crackme_.004012F2
00401265 EB 21 JMP SHORT crackme_.00401288
00401267 6A 00 PUSH 0x0
00401269 68 87304000 PUSH crackme_.00403087 ; ASCII "Nope!"
0040126E 68 8D304000 PUSH crackme_.0040308D ; ASCII "Maybe, you should try again, it's sooo easy!!"
00401273 FF75 08 PUSH DWORD PTR SS:[EBP+0x8]
00401276 E8 77000000 CALL crackme_.004012F2

Edited May 2, 2013 by converse
May 2, 2013

OEP rebuild like? Look at the stack when you reach the OEP. Mostly the first value there is the code to rebuild the OEP.
May 2, 2013

needed example of code near OEP for this compiler (win32asm): 1st call - GetModuleHandleA
May 2, 2013

The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thank you! [This is an automated reply]
June 11, 2013

Do you get high, mate? Why is the password ?

0040122C 6A 1E PUSH 0x1E
0040122E 68 37304000 PUSH crackme_.00403037
00401233 FF35 04314000 PUSH DWORD PTR DS:[0x403104]
00401239 E8 A2000000 CALL crackme_.004012E0
0040123E 68 55304000 PUSH crackme_.00403055 ; ASCII "cannabis"
00401243 68 37304000 PUSH crackme_.00403037
00401248 E8 E7000000 CALL crackme_.00401334
June 16, 2013

rebuild OEP

Push 0        // Handle for GMHA API | 0 used for target itself
CALL 00D70072 // Here my call to jmp dword [ADDR] ; GetModuleHandleA
jmp 00489A47  // Jump back to return value after API

P.S. thanks LCF-AT

unpacked.rar
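The relative-branch arithmetic behind the rebuilt stub in the post above, and a check of the JNZ/JMP/CALL encodings in the first post's listing, as an added Python example that is not from this thread. The stub load address 0x00D70060, the listing regex and the mnemonic whitelist are my assumptions; every other address is one the posts show.

```python
import re
import struct

# Branch lines copied from the OllyDbg listing in the first post of this thread.
LISTING = """\
0040124F 75 16 JNZ SHORT crackme_.00401267
00401260 E8 8D000000 CALL crackme_.004012F2
00401265 EB 21 JMP SHORT crackme_.00401288
00401276 E8 77000000 CALL crackme_.004012F2
"""

# OllyDbg line shape: address, hex byte groups, branch mnemonic, optional SHORT, target.
BRANCH_RE = re.compile(
    r"^([0-9A-F]{8}) ((?:[0-9A-F]+ )+?)(JNZ|JMP|CALL) (?:SHORT )?crackme_\.([0-9A-F]{8})"
)


def branch_reaches_target(line: str):
    """Decode the rel8/rel32 displacement of one listing line and check that
    next_ip + displacement equals the target OllyDbg printed. None = not a branch."""
    m = BRANCH_RE.match(line)
    if not m:
        return None
    addr, raw, target = int(m[1], 16), bytes.fromhex(m[2].replace(" ", "")), int(m[4], 16)
    disp = raw[1:]                      # one opcode byte, then rel8 (75/EB) or rel32 (E8)
    fmt = "<b" if len(disp) == 1 else "<i"
    return addr + len(raw) + struct.unpack(fmt, disp)[0] == target


def check_listing(text: str = LISTING) -> dict:
    """Map each branch line to True/False so a wrong displacement stands out."""
    return {ln: branch_reaches_target(ln) for ln in text.splitlines() if ln}


def build_oep_stub(stub_addr: int, trampoline: int, back_to: int) -> bytes:
    """Assemble the three-instruction stub from the post at stub_addr:
        push 0            ; hModule argument for GetModuleHandleA
        call trampoline   ; E8 rel32 -> the jmp dword [IAT] that reaches the API
        jmp  back_to      ; E9 rel32 -> original code after the API call
    Each rel32 is target minus the address of the *following* instruction."""
    code = bytearray(b"\x6A\x00")                             # push 0
    code += b"\xE8" + struct.pack("<i", trampoline - (stub_addr + len(code) + 5))
    code += b"\xE9" + struct.pack("<i", back_to - (stub_addr + len(code) + 5))
    return bytes(code)


if __name__ == "__main__":
    for ln, ok in check_listing().items():
        print("OK  " if ok else "BAD ", ln)
    # 0x00D70060 is an assumed free slot; the other two addresses come from the post.
    print(build_oep_stub(0x00D70060, 0x00D70072, 0x00489A47).hex(" "))
```

The call to 0x00D70072 only resolves while that trampoline exists in the debuggee's memory; a dumped file needs the stub to reach the import through a slot inside the image (for example FF 15, call dword ptr [IAT entry]), otherwise the rebuilt entry dangles.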