Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Unpacking and Inline Patching FSG v1.0
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #7  
Old 05-19-2004, 11:57
TQN TQN is offline
VIP
  
Join Date: Apr 2003
Location: Vietnam
Posts: 358
Rept. Given: 143
Rept. Rcvd 24 Times in 13 Posts
Thanks Given: 196
Thanks Rcvd at 168 Times in 51 Posts
TQN Reputation: 24
This method of hacnho can only applied with a small and simple packed exe. OllyDbg will fail when tracing with a large, complex exe. For example, I download FSG 1.0 from this site (ExeTools), pack the Stud_PE and trace with OllyDbg. Failed to find OEP.
We can use PEiD to find OEP. PEiD will find the correct OEP with packed Stud_PE. The plugin "PEiD Generic Unpacker" of PEiD can automatic unpack the FSG 1.0 packed EXE. However, PEiD sometime will fail on a console, packed Exe.
Another way is same as JMI way, use OllyDump to find OEP by "Find OEP by Section Hop (xxx)", but it take a long time.
QUnpack of FEUERRADER can find the correct OEP of Stud_PE packed, but it failed when unpack.
With the OEP found, you can he or bp on it, dump with OllyDump and rebuild IAT with ImpRec.
I am finding the manual way to find the OEP of FSG 1.0 packed exe. If I success, I will post information here.
Regards
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Inline Patching MaRKuS-DJM General Discussion 1 01-24-2004 23:03


All times are GMT +8. The time now is 15:13.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )