RE FORUM

[REVERSE ENGINEERING] => General Discussion => Topic started by: xexe on September 11, 2013, 10:55:57 PM

Title: custom unpacker
Post by: xexe on September 11, 2013, 10:55:57 PM: zdravim,
muzete mi prosim nekdo pomoct s unpacknutim tohoto software? (link cez PM)
myslim ze original entry point je na 0x0049DED8 ale nedari se mi rebuildnout unpacked exe.

Diky,
xexe
Title: Re: custom unpacker
Post by: pr0p4g4nd4 on September 19, 2013, 05:36:26 AM: hlavne exe:
hwbp na 005119FF, f9, na adrese 0051ABB5 zmenit JE na JMP, hwbp na 0049FB28, f9, dump, spustit
imprec - do OEP: 9FB28, stlacit AutoSearch, stlacit GetImports, stlacit Show Invalid - najde
dve invalidne, na obidve treba dvojkliknut a dat GetProcAddress z kniznice kernel32. nakoniec
dame Fix Dump a oznacime dumpnute exe.

druhe exe:
hwbp na 004A19FF, f9, na adrese 004AABB5 zmenit JE na JMP, hwbp na 0047024C, f9, dump, spustit
imprec - do OEP: 7024C, stlacit AutoSearch, stlacit GetImports, stlacit Show Invalid - najde
dve invalidne, na obidve treba dvojkliknut a dat GetProcAddress z kniznice kernel32. nakoniec
dame Fix Dump a oznacime dumpnute exe.

SMF 2.0.11 | SMF © 2015, Simple Machines