Hi,
I'm trying to unpack a target protected by ActiveMark v2.7 and I am running into similar problems others were having.
What I have managed to do so far is make a dump, get the imports using ImpRec, and fix the imports in the dump. However, when I try to run the dump it crashes (yes, more work needed).
Edit: By crashes I mean that the process just exits, no error message, nothing.
The problem is that when I try to run the original exe through Olly, it gives me a lot of access violations among other things and simply refuses to get to the stage of the browser window.
I believe I have found the right OEP value and have followed the initial steps, but I can't get far enough when running the exe through the debugger to stop at the right breakpoints. I do have the HideDebugger plugin and I have enabled all of the options.
Here is the important section of the dumped exe:
Code:
00BF85A0 5C 54 72 79 6D 65 64 69 \Trymedi
00BF85A8 61 20 53 79 73 74 65 6D a System
00BF85B0 73 5C 41 63 74 69 76 65 s\Active
00BF85B8 4D 41 52 4B 20 53 6F 66 MARK Sof
00BF85C0 74 77 61 72 65 5C 00 00 tware\..
00BF85C8 54 64 6E 41 BD 5A 1F 3E TdnA½Z.>
00BF85D0 9E 86 8F 00 AA 32 11 00 ž†?.ª2..
00BF85D8 60 BA 14 00 FC 07 00 00 `º..ü...
00BF85E0 39 30 65 39 62 31 64 32 90e9b1d2
00BF85E8 63 34 63 38 35 61 65 36 c4c85ae6
00BF85F0 37 35 66 31 38 32 32 33 75f18223
00BF85F8 34 35 33 33 39 39 37 33 45339973
I have been using the value 0x001132AA as the OEP.
Can anyone help?
Thanks.