Jump to content
Tuts 4 You

[UnPackMe] Nice Unpackme/serialme by Ellvis Team RePt

GIV

By GIV
in UnPackMe

 Share

Recommended Posts

mm10121991

mm10121991

Posted
Posted (edited)

nice little unpackme


I have removed high memory anti-dump so normal pecompact unpacking can be done   :thumbs:


But wonder why the original exe just fail outside a debugger on win7 x64


 


Crackme.rar

Edited by mm10121991
Link to comment
Share on other sites
GIV

GIV

Posted
  • Author
Posted

nice little unpackme

I have removed high memory anti-dump so normal pecompact unpacking can be done   :thumbs:

But wonder why the original exe just fail outside a debugger on win7 x64

So here is the unpacked file.

Can you explain please how you removed antidump check.

dump_.rar

Tree.txt

OEP.rar

Link to comment
Share on other sites
mm10121991

mm10121991

Posted
Posted

So here is the unpacked file.

Can you explain please how you removed antidump check.

It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places

Link to comment
Share on other sites
GIV

GIV

Posted
  • Author
Posted

It's not a check, you just need to remove dependance on the highest 4 on the pe header and other places

Can you explain please?

Link to comment
Share on other sites
mm10121991

mm10121991

Posted
Posted (edited)

As I said remove the highest 4 in some fields in pe header and in other places when you are debugging the crackme.


also change the delta offset on pe compact 1st seh so that you don't need to update later memory reference addresses.


Edited by mm10121991
Link to comment
Share on other sites
  • 9 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...