GIV Posted May 19, 2013 Posted May 19, 2013 Hope Ellvis does not mind but i found this quite interesting.Hope you lie-it.I already make a simple solution but i want to let you try.If you made-it post here the solution also.Crackme.rarScript.rar
mm10121991 Posted May 19, 2013 Posted May 19, 2013 (edited) nice little unpackme I have removed high memory anti-dump so normal pecompact unpacking can be done But wonder why the original exe just fail outside a debugger on win7 x64 Crackme.rar Edited May 19, 2013 by mm10121991
GIV Posted May 20, 2013 Author Posted May 20, 2013 nice little unpackme I have removed high memory anti-dump so normal pecompact unpacking can be done But wonder why the original exe just fail outside a debugger on win7 x64 So here is the unpacked file. Can you explain please how you removed antidump check. dump_.rar Tree.txt OEP.rar
mm10121991 Posted May 20, 2013 Posted May 20, 2013 So here is the unpacked file. Can you explain please how you removed antidump check. It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places
GIV Posted May 20, 2013 Author Posted May 20, 2013 It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places Can you explain please?
mm10121991 Posted May 20, 2013 Posted May 20, 2013 (edited) As I said remove the highest 4 in some fields in pe header and in other places when you are debugging the crackme.also change the delta offset on pe compact 1st seh so that you don't need to update later memory reference addresses. Edited May 20, 2013 by mm10121991
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now