Hope Ellvis does not mind but i found this quite interesting.

Hope you lie-it.

I already make a simple solution but i want to let you try.

If you made-it post here the solution also.

Crackme.rar

Script.rar

4642

Time spent: 10 minutes.

nice little unpackme

I have removed high memory anti-dump so normal pecompact unpacking can be done  

But wonder why the original exe just fail outside a debugger on win7 x64

 

Crackme.rar

Edited May 19, 201312 yr by mm10121991

nice little unpackme

I have removed high memory anti-dump so normal pecompact unpacking can be done  

But wonder why the original exe just fail outside a debugger on win7 x64

So here is the unpacked file.

Can you explain please how you removed antidump check.

dump_.rar

Tree.txt

OEP.rar

So here is the unpacked file.

Can you explain please how you removed antidump check.

It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places

It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places

Can you explain please?

As I said remove the highest 4 in some fields in pe header and in other places when you are debugging the crackme.

also change the delta offset on pe compact 1st seh so that you don't need to update later memory reference addresses.

Edited May 20, 201312 yr by mm10121991

good unpackme for beginners, thanks!