01-09-2004, 21:03
R@dier
Here is a quick rundown

Load into Olly

0063D000 > 53 PUSH EBX
0063D001 55 PUSH EBP
0063D002 8BE8 MOV EBP,EAX <---------------F7 till here
0063D004 33DB XOR EBX,EBX
0063D006 EB 60 JMP SHORT Target.0063D068


Go to the dump window
Ctrl+G, enter the value of the ESP register
Set a breakpoint (hardware, on access, dword) on the address in the ESP register

Press F9

0063D2CB 5D POP EBP
0063D2CC 5B POP EBX <---- you will stop here
0063D2CD -E9 145EE7FF JMP Target.004B30E6 <---- jump to OEP
0063D2D2 0000 ADD BYTE PTR DS:[EAX],AL

F7 until you hit the OEP

004B30E6 55 PUSH EBP <--- OEP
004B30E7 8BEC MOV EBP,ESP
004B30E9 6A FF PUSH -1
004B30EB 68 70444C00 PUSH Target.004C4470
004B30F0 68 4C154B00 PUSH Target.004B154C


Use the OllyDump plugin and enjoy your unpacked program


Best Wishes

R@dier
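Added example, not part of the original post: a small Python check an analyst can run over the jump lines quoted above to confirm that the encoded displacements really lead where the disassembly says, and to flag the jump that leaves the unpacking stub as the OEP candidate. The listing is a constructed copy of the post's lines with the arrow annotations removed; the function names and the "target outside the listed address range" heuristic are assumptions of this example.

```python
import re

# Constructed sample: stub lines copied from the post, annotations stripped.
LISTING = """\
0063D000 > 53 PUSH EBX
0063D001 55 PUSH EBP
0063D002 8BE8 MOV EBP,EAX
0063D004 33DB XOR EBX,EBX
0063D006 EB 60 JMP SHORT Target.0063D068
0063D2CB 5D POP EBP
0063D2CC 5B POP EBX
0063D2CD -E9 145EE7FF JMP Target.004B30E6
0063D2D2 0000 ADD BYTE PTR DS:[EAX],AL
"""

# address, optional '>' / '-' markers, opcode EB (rel8) or E9 (rel32), operand bytes,
# then the target address the debugger printed after the module name.
JMP = re.compile(
    r"^([0-9A-F]{8})\s+(?:>\s+)?-?(EB|E9)\s*([0-9A-F]+)\s+JMP\b.*\.([0-9A-F]{8})\s*$"
)
OPERAND_SIZE = {"EB": 1, "E9": 4}

def jump_target(addr, opcode, operand_hex):
    """Target = address of the next instruction + signed little-endian displacement."""
    raw = bytes.fromhex(operand_hex)
    if len(raw) != OPERAND_SIZE[opcode]:
        raise ValueError(f"{opcode} expects {OPERAND_SIZE[opcode]} operand byte(s)")
    disp = int.from_bytes(raw, "little", signed=True)
    return (addr + 1 + len(raw) + disp) & 0xFFFFFFFF

def decode_jumps(listing):
    """Return (address, computed target, target shown in the listing) per JMP line."""
    jumps = []
    for line in listing.splitlines():
        m = JMP.match(line)
        if m:
            addr = int(m.group(1), 16)
            jumps.append((addr, jump_target(addr, m.group(2), m.group(3)), int(m.group(4), 16)))
    return jumps

def oep_candidates(listing):
    """Heuristic: a jump whose target lies outside the listed stub range leaves the stub."""
    addrs = [int(l[:8], 16) for l in listing.splitlines() if re.match(r"[0-9A-F]{8}\s", l)]
    lo, hi = min(addrs), max(addrs)
    return [target for _, target, _ in decode_jumps(listing) if not lo <= target <= hi]

if __name__ == "__main__":
    for addr, computed, shown in decode_jumps(LISTING):
        print(f"{addr:08X} -> {computed:08X} (listing shows {shown:08X})")
    print("OEP candidate(s):", [f"{t:08X}" for t in oep_candidates(LISTING)])
```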