 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
#1
06-24-2005, 06:23 AM
|
|||
|
|||
Sorry for the bother.. this is a file i'm gettin tired and sick of... :P Dun usually need help unpacking..
but even with Ollydbg and hide plugin, this is givin me a pain in the neck...  would be eternally grateful if someone here has the knowhow to unpack this.. i get stuck halfway.. gah... thanks a mil.. hope u dun encounter as many problems as me. I used OllyDbg 1.10 with hide plugin and using this script:- var bpaddr //Break Point Address start: run lbl1: findop eip,#C3# eob lbl2 bp $RESULT esto lbl2: bc $RESULT sto mov bpaddr,esp eob lbl3 bphws bpaddr,"r" run lbl3: bphwc bpaddr sto sto end: cmt eip,"OEP found!please dumped it!" msg "Silly Ultraprotector" ret Thanks for all help and pointers 
|
|
#2
06-24-2005, 06:36 PM
|
|||
|
|||
I've been trying to unpack this same file for the past night and a half. I'm stuck in the same place you are. <_<
It'd be greatful to find out the steps needed to accomplish this task. If anyone knows, please help.
|
|
#4
06-29-2005, 03:58 AM
|
|||
|
|||
|
OK lets all work together on this!!!!
I think this file is protected with acprotect 1.41, not ultraprotect. Im not sure if i got the correct OEP because I'm having trouble fixing the imports with ImportREC. Ok First what you need to do is in Olly's options check all the tabs under exceptions, that's how i got it to run until the ACP ok message. When you see the OK message goto the memory view in olly and set a breakpoint on access on dragonbots rdata section. and the click OK and read the address olly breaks on, and thats what im using for OEP. I load up importrec attach to an open dragonbot.exe and type in the last 4 numbers from the OEP click IAT autosearch then get imports. This returns a long list with one api that is invalid, but when i right click and use the trace3 option it finds it, and then i fix dump and get an error when i open it.
|
|
#5
06-29-2005, 10:24 PM
|
|||
|
|||
|
Lol.. hahaha!! i love ur Paintshopped No! :P
|
|
#6
06-29-2005, 10:54 PM
|
|||
|
|||
|
Hmms... the dumped.exe file has error... fixing dont seem to work
|
|
#7
07-11-2005, 11:01 PM
|
|||
|
|||
|
UltraProtect, and Asprotect have some of the best debugger protections. I hate them.
|
Linear Mode
