Exetools


ysco 09-19-2003 20:30

How to unpack delphi ???
 
Hello guys, I have a proggie named (Registry Defragmentation for Windows NT/2000/XP/2003) that I want to try to crack.
I scanned the proggie with stud_PE and the protection was UPX, so I unpacked it successfully, scanned it again, and now it says packed with Borland/Delphi. So my question is: what program must I use to unpack Delphi, or is it already unpacked ???? Probably a stupid question from a newbie ;)
If I try to set breakpoints in OllyDbg then I also get this message:
Module (MK2) has entry point outside the code (as specified in the PE-Header) maybe this file is self-extracting or self-modifying please keep this in mind setting the breakpoints.


Program download (If you wanna look) : _http://www.elcor.net/download/rdefrag.exe

Homepage: _http://www.elcor.net

Any help would be great.

ysco.

R@dier 09-19-2003 22:25

ysco,
Delphi is a programming language created by Borland, it's not a packer/protector

I would say its unpacked ;)

Regards
R@dier

ysco 09-19-2003 23:42

Thanks for the reply R@dier, now I know that this is okay.
But can you also give me an answer on this one (If I try to set breakpoints in OllyDbg then I also get this message:
Module (MK2) has entry point outside the code (as specified in the PE-Header) maybe this file is self-extracting or self-modifying please keep this in mind setting the breakpoints)
;)

Thanks in advance .

ysco.
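The check behind the debugger warning quoted above, as an added example that is not part of the original thread: it reads the PE optional header and reports whether the entry point falls inside the declared code range, a common static triage signal for packed or protected files. It assumes the warning compares AddressOfEntryPoint against BaseOfCode and SizeOfCode; the helper names and both sample headers are constructed for illustration.

```python
import struct

def build_headers(entry_rva, base_of_code, size_of_code, sections):
    """Build constructed, minimal PE32 headers (no section data) for the demo."""
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, size_of_code, 0, 0,
                      entry_rva, base_of_code).ljust(224, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, rva, 0, 0, 0, 0, 0, 0, flags)
        for name, rva, vsize, flags in sections)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return dos + b"PE\0\0" + coff + opt + table

def check_entry_point(data):
    """Report where the entry point lies relative to the header's code range."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # NumberOfSections and SizeOfOptionalHeader from the COFF file header
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry, base_of_code = struct.unpack_from("<II", data, opt + 16)
    owner, writable = None, False
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i            # section headers are 40 bytes
        name, vsize, rva = struct.unpack_from("<8sII", data, hdr)
        flags, = struct.unpack_from("<I", data, hdr + 36)
        if rva <= entry < rva + vsize:
            owner = name.rstrip(b"\0").decode("ascii", "replace")
            writable = bool(flags & 0x80000000)  # IMAGE_SCN_MEM_WRITE
    return {"entry_rva": entry,
            "inside_code": base_of_code <= entry < base_of_code + size_of_code,
            "section": owner, "section_writable": writable}

# Constructed sample 1: entry point inside the declared code range.
PLAIN = build_headers(0x1A00, 0x1000, 0x17000,
                      [(b"CODE", 0x1000, 0x17000, 0x60000020),
                       (b"DATA", 0x18000, 0x1000, 0xC0000040)])
# Constructed sample 2: entry point in a trailing writable+executable section.
PACKED = build_headers(0x2B001, 0x1000, 0x17000,
                       [(b"CODE", 0x1000, 0x17000, 0x60000020),
                        (b".stub", 0x2B000, 0x2000, 0xE0000020)])

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(label, check_entry_point(blob))
```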

alephz 09-19-2003 23:53

Re: How to unpack delphi ???
 
Quote:

Originally posted by ysco
Program download (If you wanna look) : _http://www.elcor.net/download/rdefrag.exe
Any help would be great.
ysco.

This proggy has a set of EXEs:

150528 2003-09-18 21:27:23 E76A353CBF3369C1D76D398EE7DDDA31 RegBackup.exe
147968 2003-09-18 21:46:27 CC41F116FB1228A12855F27F5385B376 RegDefrag.exe
153600 2003-09-16 17:23:49 EB71E4FB74C562B4C53455FE0A066DDB RegDfrgSch.exe
489984 2003-09-18 20:53:08 7F233E4CE178B095FB232985954FD307 RegToolkit.exe

and only one is packed with UPX - RegToolkit.exe. It's packed only once - no need to unpack it twice :-)

But all the rest are packed with ASProtect 1.23, so I think RegToolkit.exe is only a shell - nothing to crack within - and only the other files are really protected.

ysco 09-20-2003 00:15

I have indeed unpacked RegToolkit, but if I read it correctly then you say this is not the one to crack.
Must I unpack all the other exe files too to crack this proggie ??? Or is there only one file that will do the trick?
I thought that RegToolkit was the important one because it was the main program.
Hmmm, so you see that every time you learn something.

Thanks in advance.

ysco.

R@dier 09-20-2003 00:25

ysco,

stripper v2.03 seems to unpack the other files successfully but
I have not worked out how to fix them yet.

00:17:30 - asprotect detected..
Image Base :00400000
00:17:30 - dumping victim..
00:17:30 - processing import table..
ImportAddressTable RVA :0001a154 - kernel32.dll
ImportAddressTable RVA :0001a1f0 - user32.dll
ImportAddressTable RVA :0001a204 - advapi32.dll
ImportAddressTable RVA :0001a214 - oleaut32.dll
ImportAddressTable RVA :0001a224 - kernel32.dll
ImportAddressTable RVA :0001a238 - advapi32.dll
ImportAddressTable RVA :0001a26c - kernel32.dll
ImportAddressTable RVA :0001a338 - version.dll
ImportAddressTable RVA :0001a348 - gdi32.dll
ImportAddressTable RVA :0001a3d0 - user32.dll
ImportAddressTable RVA :0001a4e4 - shell32.dll
ImportAddressTable RVA :0001a4f0 - ole32.dll
ImportAddressTable RVA :0001a4fc - comctl32.dll
ImportAddressTable RVA :0001a504 - shell32.dll
ImportAddressTable RVA :0001a510 - comctl32.dll
ImportAddressTable RVA :0001a520 - winmm.dll
00:17:31 - fixing import table..
ImportAddress RVA :0001a198 - kernel32.dll!GetModuleHandleA
ImportAddress RVA :0001a1a8 - kernel32.dll!GetCommandLineA
ImportAddress RVA :0001a230 - kernel32.dll!GetModuleHandleA
ImportAddress RVA :0001a2d0 - kernel32.dll!GetModuleHandleA
ImportAddress RVA :0001a2f8 - kernel32.dll!GetCurrentProcess
ImportAddress RVA :0001a2fc - kernel32.dll!GetCommandLineA
00:17:35 - 00bh stolen bytes are found..
EntryPoint RVA :00017a10
! public release
! some files will be not unpacked
00:17:35 - saving unpacked file..
00:17:35 - file was unpacked successful..
00:17:35 - done..

ysco 09-20-2003 00:43

Thanks R@dier i will also have a look with stripper. ;)

ysco.

Jay 09-20-2003 03:13

rdf20
 
I did the previous version: lots of dump checks, write to API address, one of these procs decrypted at runtime, checks EP in PE header, etc. I didn't use stripper so I don't know how well it works, but it looks like there is still a bit of work after using stripper.
regards

ysco 09-20-2003 07:24

I have tried it but I can't get it to work, this is too hard for a learning newbie ;)
Will try something else now.

Thanks anyway guys i still learned something from this.

ysco.


All times are GMT +8.