iChallengeYou Posted December 27, 2014 Posted December 27, 2014 (edited) This one should a little bit harder then the previous one. Still no xp support yet. Goodluck 1. Gold: SmilingWolf 2. Silver: GIV 3. Bronze: ... iChallengeYou UnpackMe #2.rar Edited December 28, 2014 by iChallengeYou 1
SmilingWolf Posted December 27, 2014 Posted December 27, 2014 (edited) Dirty unpacked, might update later with a cleaner one. EDIT: did it and updated the attachment Now the unpacked is half the size of the packed file iChallengeYou UnpackMe #2_cleanup.7z Edited December 27, 2014 by SmilingWolf 2
iChallengeYou Posted December 27, 2014 Author Posted December 27, 2014 Damn, that is really fast SmilingWolf! Seems you won the gold medal So how did you do this so fast? Did you traced all the code, or did you used api's to find the oep?
SmilingWolf Posted December 27, 2014 Posted December 27, 2014 (edited) - Break on system breakpoint - MEMBP on execution on the first .aspack section - Unpack AsPack - When I see all the ugly code i chicken out and put a MEMBP on execution on the .text section - run, reach the OEP, dump, fix the imports - Be a good housewife and do the cleanings Done! Edited December 27, 2014 by SmilingWolf 3
iChallengeYou Posted December 27, 2014 Author Posted December 27, 2014 Thanks for the little tutorial & well done!
GIV Posted December 28, 2014 Posted December 28, 2014 Damn, that is really fast SmilingWolf! Seems you won the gold medal So how did you do this so fast? Did you traced all the code, or did you used api's to find the oep? Easy enough. OEP is clear and easy to find. Imports clear. Just kill the TLS after unpack. dump_IF.7z 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now