#1
06-24-2005, 06:23 AM
ultraprotectkillinMe

Sorry for the bother.. this is a file I'm gettin tired and sick of... :P Dun usually need help unpacking..
but even with OllyDbg and hide plugin, this is givin me a pain in the neck...
would be eternally grateful if someone here has the knowhow to unpack this.. I get stuck halfway..

gah... thanks a mil.. hope u dun encounter as many problems as me.
I used OllyDbg 1.10 with hide plugin and this script:


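var bpaddr // Break Point Address

start:
run // run the program (F9)

lbl1:
findop eip,#C3# // find the next RET (opcode C3) starting at EIP
eob lbl2 // on the next break, continue at lbl2
bp $RESULT // breakpoint on that RET
esto // run, passing exceptions to the program (Shift+F9)

lbl2:
bc $RESULT // clear the RET breakpoint
sto // step over (F8)
mov bpaddr,esp // remember the current stack pointer
eob lbl3 // on the next break, continue at lbl3
bphws bpaddr,"r" // hardware breakpoint on read of that stack address
run

lbl3:
bphwc bpaddr // clear the hardware breakpoint
sto
sto

end:
cmt eip,"OEP found!please dumped it!"
msg "Silly Ultraprotector"
ret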

Thanks for all help and pointers

#2
06-24-2005, 06:36 PM
Jenda

I've been trying to unpack this same file for the past night and a half. I'm stuck in the same place you are. <_<

It'd be grateful to find out the steps needed to accomplish this task. If anyone knows, please help.

#3
06-27-2005, 09:54 AM
beko

I was busy with this too, hard to unpack.

#4
06-29-2005, 03:58 AM
v3in

OK, let's all work together on this!!!!

I think this file is protected with ACProtect 1.41, not UltraProtect.

I'm not sure if I got the correct OEP because I'm having trouble fixing the imports with ImportREC.

OK, first what you need to do is, in Olly's options, check all the tabs under exceptions; that's how I got it to run until the ACP OK message.

When you see the OK message, go to the memory view in Olly and set a breakpoint on access on dragonbot's rdata section.

Then click OK and read the address Olly breaks on, and that's what I'm using for OEP.

I load up ImportREC, attach to an open dragonbot.exe, type in the last 4 numbers from the OEP, click IAT autosearch, then get imports.

This returns a long list with one API that is invalid, but when I right-click and use the trace3 option it finds it, and then I fix dump and get an error when I open it.

#5
06-29-2005, 10:24 PM
ultraprotectkillinMe

Lol.. hahaha!! i love ur Paintshopped No! :P

#6
06-29-2005, 10:54 PM
ultraprotectkillinMe

Hmms... the dumped.exe file has an error... fixing doesn't seem to work

#7
07-11-2005, 11:01 PM
orangutang

UltraProtect and ASProtect have some of the best debugger protections. I hate them.
Reply With Quote
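
Posts #4 and #6 report a rebuilt dump that errors when opened. As an added example (not code from any poster in this thread), the Python below sanity-checks the headers of a PE32 dump: whether the chosen entry point lies in an executable section, whether the import directory lies in any section, and whether each section's raw data fits in the file. The function names and the header-only sample image are constructed for illustration.

```python
import struct

EXEC = 0x20000000  # IMAGE_SCN_MEM_EXECUTE

def parse(pe):
    """Return (entry_rva, import_rva, sections) from a PE32 image's headers."""
    nt, = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    # AddressOfEntryPoint at +16, import directory RVA at +104
    entry, imp = struct.unpack_from("<I84xI", pe, opt + 16)
    secs = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", pe, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode(), va, max(vsize, rsize), rptr, rsize, flags))
    return entry, imp, secs

def owner(rva, secs):
    """Section tuple whose virtual range contains rva, or None."""
    return next((s for s in secs if s[1] <= rva < s[1] + s[2]), None)

def check_dump(pe):
    """List header problems that would stop a rebuilt dump from loading."""
    entry, imp, secs = parse(pe)
    problems = []
    sec = owner(entry, secs)
    if sec is None:
        problems.append("entry point outside every section")
    elif not sec[5] & EXEC:
        problems.append(f"entry point in non-executable section {sec[0]}")
    if imp and owner(imp, secs) is None:
        problems.append("import directory outside every section")
    problems += [f"{s[0]}: raw data past end of file" for s in secs if s[3] + s[4] > len(pe)]
    return problems

def sample(entry, imp):
    """Constructed header-only PE32 with .text and .rdata; not a real program."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I84xI", opt, 16, entry, imp)
    sec = lambda n, va, rp, fl: struct.pack("<8sIIII12xI", n, 0x800, va, 0x800, rp, fl)
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102) + bytes(opt)
           + sec(b".text", 0x1000, 0x400, EXEC | 0x20) + sec(b".rdata", 0x2000, 0xC00, 0x40))
    return hdr.ljust(0x1400, b"\0")
```

To run it on a real dump, pass the file's bytes to check_dump(); an empty list means none of these three header problems is present, not that the import table itself is correct.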