nikola:
My main problem is in getting the OEP...
The way I proceed, as I said in one of my prev posts is by changing the characteristics of the dll to exe by subtracting 2000h from the characteristic in PE Editor.
Then I load it in Olly as an exe and try to step it using F7 and F8. Then I try to look for the OEP in the usual way - looking for any SUDDEN changes in the EIP ranges, any sudden jmp away from the decrypting code etc...
This tends to fail more often with Vbox than with other packers.
I sometimes try to load it in IDA Pro 4.7 and after a long and thorough search, I get the oep.
My request was whether someone succeeded in finding any easier way to unpack the vboxed dlls.
The search on the net, including the RCE fora, only succeeded in me understanding that the unpacking of the dll is "More involved and complex"...According some of the authors...
Even after I find the OEP, getting the imports with imprec frequently fails when I use ImpRec 1.6 Final...there are very few if any documents on the net explaining how to get the imports for the dll...The way I proceed is to create a small loading exe file for the dll and then try to get the imports through ImpRec...Any detailed Tutorial on unpacking at least a single vboxed dll is welcome...
I can provide plenty of vboxed dlls if you need them for preparing a rather rough sketch of the steps to take, if not a full-blown tut...
Thank you...