converse Posted January 27, 2014 (edited)

UnPackMe Safengine Shielden 2.2.4.0

please unpacking video tutorial

pass - 123

UnPackMe Safengine Shielden 2.2.4.0.rar

Edited January 27, 2014 by converse

mrexodia Posted January 27, 2014 (edited)

what's the password?

edit: it's '123'

Edited January 27, 2014 by Mr. eXoDia

converse Posted January 27, 2014 (Author)

> what's the password?
> edit: it's '123'

sorry
pass - 123

LCF-AT Posted January 27, 2014

Hi,

ok, here is my unpacked file. Just test it and tell me whether all is working, since I have not tested it on other OS yet.

greetz

UnPackMe Safengine Shielden 2.2.4.0_Unpacked.rar

Lostin Posted January 28, 2014

Works fine. Nicely fixed imports too, well done LCF-AT

Teddy Rogers Posted January 28, 2014

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]

tutsdzzb Posted January 28, 2014

> Hi,
> ok, here is my unpacked file. Just test it and tell me whether all is working, since I have not tested it on other OS yet.
> greetz

Can u make a video tutorial for us? thanx

LCF-AT Posted January 28, 2014

Hi Lostin,

thanks for testing.

@ tutsdzzb

What do you wanna know? How to find OEP?

    00461B9D  MOV CL,DL
    -------------------------------
    005B3F92  MOV ESP,EBP
    005B3F94  POPFD
    005B3F95  JMP 005B3E2D

    005B3E2D  POPAD
    005B3E2E  RETN

    0044E215  MOV EBP,ESP        ; OEP 2. command

Also, if you force the file to run twice from TLS / EP then you can trace very quickly to OEP. You can do this if you don't know how to find the OEP, but I already explained this in another topic. It is a good idea to check the PE header, since most protectors use some direct static commands to read the first data from the header.

    CMP WORD PTR DS:[EAX],5A4D        ; MZ = Base
    MOVZX EBX,WORD PTR DS:[EAX+3C]    ; Offset to PE
    ADD EBX,EAX                       ; Offset + Base = PE start
    CMP WORD PTR DS:[EBX],4550        ; PE
    PUSH EAX                          ; Base

    CALL 005B40BF
    POP EAX                           ; 005B40BF
    SUB EAX,5B40BF                    ; 005B40BF
    CMP DWORD PTR DS:[EAX+460010],0   ; 0+460010 = 460010
    INC DWORD PTR DS:[EAX+460010]     ; 0 = Way1, not 0 = Way2 = short way to OEP

This is just a marker, so just use it to find the OEP quickly.
Only working if Way 1 was already executed of course!

About DLL emulation: you should check the heaps, where you can find a log table created by Safengine to store info in. If you manipulate it correctly then the DLL EMU is prevented.

Imports you can find via a little tracing + stopping at each call to an API, then reading the stack to know which API command is used [call / jmp / call to jump / mov etc]. So for this you should create a script, or better, write auto-tracer code to save a lot of time.

greetz
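
Added example (not part of LCF-AT's post and not Safengine code): the four header-check instructions quoted above, redone in Python next to a full-width check, to show what the WORD-sized reads accept that the PE format's 32-bit e_lfanew and 4-byte "PE\0\0" signature would not. The function names and the sample buffers are constructed for illustration.

```python
import struct

DOS_MAGIC = 0x5A4D   # "MZ", as in CMP WORD PTR DS:[EAX],5A4D
PE_MAGIC_LO = 0x4550  # "PE", as in CMP WORD PTR DS:[EBX],4550


def stub_style_check(image: bytes):
    """Mirror the quoted instructions; return the PE header offset or None."""
    if len(image) < 0x40:
        return None
    if struct.unpack_from("<H", image, 0)[0] != DOS_MAGIC:
        return None
    # MOVZX ...,WORD PTR [EAX+3C] reads only the low 16 bits of e_lfanew.
    pe_off = struct.unpack_from("<H", image, 0x3C)[0]
    if pe_off + 2 > len(image):
        return None
    # Only the first two signature bytes are compared.
    if struct.unpack_from("<H", image, pe_off)[0] != PE_MAGIC_LO:
        return None
    return pe_off


def strict_check(image: bytes):
    """Full-width check: 32-bit e_lfanew and the 4-byte signature PE\\0\\0."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if pe_off + 4 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    return pe_off


def build_image(e_lfanew: int, signature: bytes, size: int = 0x200) -> bytes:
    """Constructed sample: a bare DOS header plus a signature, nothing else."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    off = e_lfanew & 0xFFFF          # where a 16-bit read would land
    buf[off:off + len(signature)] = signature
    return bytes(buf)


if __name__ == "__main__":
    for name, img in [("normal", build_image(0x80, b"PE\0\0")),
                      ("high bits in e_lfanew", build_image(0x10080, b"PE\0\0")),
                      ("bad upper signature", build_image(0x80, b"PE\x01\0"))]:
        print(name, stub_style_check(img), strict_check(img))
```

The two checks agree on a normal header and disagree on the other two samples, which is the kind of parser mismatch worth testing for when a tool re-implements header parsing by hand.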

tutsdzzb Posted January 29, 2014

OK, I understand some... thanks for your detailed description... It's an honor to talk with a real expert up close ^^