Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > File Unpacking
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 05-11-2005, 05:21 AM
Dr.Bizar Dr.Bizar is offline
Junior Member
Join Date: May 2005
Posts: 2

Hi. First off i'm glad to be a new member of this forum

I've been playing around with some unpacking - gotta learn it somday...

Hope it's okay to mention the target ? (ed. sna: it is not)

I'm somewhat a newb so plz hold my hand with this one... :unsure:
Planing to pop a tutorial ones i'm done. - other newbs will need a hand to.

Here's what i've done so far; I found the EOP using OllyDbg.
EOP at EIP = 0042D5BB => EP = 0002C9BB -- Plz do correct me if this is wrong.

Next i corrected the IAT using ImportReg.
Finaly i REbuilded and fixed EP using LordPE...

NOTHING WORKS... A'm I missing some stolen bytes ? - Don't get it - Gotta hate Adpr...

Thx in advance

Kind Regards Dr.Bizar
Reply With Quote
Old 05-12-2005, 10:15 AM
JohnWho JohnWho is offline
Junior Member
Join Date: May 2005
Posts: 4

First of all i would suggest you to remove the link to the target...

You need to describe whats happening when your running your unpacked file, does it crash with the default Windows message or does the program give you a message. Did you change EP loop from EB FE back to 55 8b or whatever bytes located on OEP? Try trace from EP of unpacked file to see where the program crash, maybe ImpRec didn't fix all imports. There so many things that could make your unpacked file not running so you need to describe exactly whats happening...!

Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.