  #1  
Old 05-06-2010, 09:50 AM
link2kannan link2kannan is offline
Member
 
Join Date: May 2010
Posts: 15
Default Unable to Unpack this file, please try

Please try to unpack this file. I tried with Olly, but finding the OEP is difficult; I can't even get the proper packer name for these files, because PEiD and DiE are showing different packer names...

Files
First One
http://rapidshare.com/files/370444057/BM_FORAIR.exe

Second one
http://rapidshare.com/files/370442095/bmVideoPlayer.exe
  #2  
Old 03-14-2011, 08:19 AM
deepak_heatm deepak_heatm is offline
Member
 
Join Date: Jan 2011
Posts: 22
Default

I too need to unpack this same file, sir:

http://www.mediafire.com/download.php?t84ctbcsk3kp6az

And another exe in the same software:

http://www.mediafire.com/?ipnd8bg07dx8360

Last edited by deepak_heatm : 03-16-2011 at 03:37 AM.
  #3  
Old 03-14-2011, 10:29 AM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533
Default

Why don't you guys help each other to unpack it mutually instead of expecting somebody to help you?
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
  #4  
Old 03-14-2011, 12:47 PM
deepak_heatm deepak_heatm is offline
Member
 
Join Date: Jan 2011
Posts: 22
Default

Now what you said is exactly right. Let me try at least..
  #5  
Old 03-15-2011, 12:56 PM
ac!d ac!d is offline
Member
 
Join Date: Sep 2010
Posts: 25
Default

Scanning with Protection ID gave the following info:

Scanning -> .\BM_FORAIR.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 3124736 (02FAE00h) Byte(s)
[File Heuristics] -> Flag : 00000000000000001100000000100010 (0x0000C022)
[!] ASProtect SKE v2.1 - v2.2 detected !
- Scan Took : 0.390 Second(s) [000000186h tick(s)]
  #6  
Old 03-15-2011, 02:47 PM
G3n1us G3n1us is offline
Senior Member
 
Join Date: Dec 2010
Posts: 93
Default

I hope you will learn from this and not just unpack and forget, and I hope that this is helpful to you (thanks to the great people for making these tuts).

http://hotfile.com/dl/110377189/6f7a..._TUTS.rar.html
  #7  
Old 03-15-2011, 02:53 PM
deepak_heatm deepak_heatm is offline
Member
 
Join Date: Jan 2011
Posts: 22
Default

Thanks very much for your guidance, sir.

Hello sir. Thanks for your guidance....

I got the RVA of the OEP, value=44514, using the Aspr2.XX_unpacker_v1.14aE script.

Then I loaded that file with ImpREC 1.7c and clicked the IAT AutoSearch button. Now it says it couldn't find anything good at this OEP, and it results in invalid imports... I even tried the autotrace option. Then also all the imported functions are invalid.

Anyhow, I ignored that and tried to dump; it's asking me to manually fix all the unresolved pointers because of the invalid IAT.

Please help me ...

Last edited by deepak_heatm : 03-15-2011 at 11:32 PM.
  #8  
Old 03-16-2011, 11:09 AM
G3n1us G3n1us is offline
Senior Member
 
Join Date: Dec 2010
Posts: 93
Default

Maybe it is ASProtect 1.23 to 2.*; that is what Detect It Easy says.
In that case your OEP is not good, I think.

Watch unpacking tuts about ASProtect and you will see that it is easy to find the OEP, and when you find the OEP, dump the software with the OllyDump plugin and try to fix the IAT with ImpREC.

If you cannot find the tuts, PM me and I will send them to you.
  #9  
Old 03-16-2011, 02:09 PM
deepak_heatm deepak_heatm is offline
Member
 
Join Date: Jan 2011
Posts: 22
Default

Exactly, DiE says ASProtect 1.23 to 2.2.

Thanks for sharing.
  #10  
Old 03-16-2011, 04:31 PM
G3n1us G3n1us is offline
Senior Member
 
Join Date: Dec 2010
Posts: 93
Default

It is possible, but maybe DiE is not correct; PEiD says SKE.

If anyone wishes to learn unpacking, the unpacking book Git posted here is very good, and you can try to search on the net for Arab Unpacking Tuts; on tuts4you there are also great tuts, and so on, and so on....