Jump to content
Tuts 4 You
flamer

UPX 3.93

Recommended Posts

flamer

Hi all,

 

I am struggling to unpack a 64 bit DLL file that is packed with UPX 3.93. I have been able to upx -d with no issue. But n order to debug it, I need it to work, so I need to fix the import table and OEP. Does anyone have any steps on how I can do this? Being 64 bit the tutorials do not help me and I can't find anything for a 64-bit dll. If I can find the OEP I can use OllydumperEX but I cannot even find that!

 

 

Share this post


Link to post
Share on other sites
Sirte

I got a similar problem with a modified version of UPX 3.91, unpacks fine with -d but crashes on start, there's no PUSHAD opcall and manually tracing left me with nothing.

In olly I'd use Debugging -> SFX -> "Trace real entry blockwise" but this functionality is not available in x64dbg.

Edited by Sirte

Share this post


Link to post
Share on other sites
deepzero

Attach the target or give more info about the crash...

Share this post


Link to post
Share on other sites
Sirte
23 hours ago, deepzero said:

Attach the target or give more info about the crash...

Crashes at a jump to a non-existing address in init. Seems like some dll (ucrtbas) is screwed.

image.png.1aaba73b1bd04fed7ec5f1004349a201.png

 

 

Edited by Sirte

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×