|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Tue Apr 15, 2008 3:49 am Post subject: questions for unpackmes |
|
|
i want to post unpackme here and can anyone ask my questions ??...
1. please give me a form of unpackme
ex : you have to put blah to form blahblahblah
2. please give me what can i use for packers
if i posted in wrong section,,, you can quote me..
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
Pseudo Xero I post too much Reputation: 0
Joined: 16 Feb 2007 Posts: 2607
|
Posted: Tue Apr 15, 2008 4:03 am Post subject: |
|
|
Unpackmes would pretty much only be worth it if you made the packer yourself.
_________________
haxory' wrote: | can't VB do anything??
windows is programmed using VB right? correct me if im wrong.
so all things in windows you have like the start menu is a windows form too. |
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Tue Apr 15, 2008 4:05 am Post subject: |
|
|
Unpackme's are simply what they are called. An uploaded .exe that is packed with a packer that the user must remove from the file and have it run, clean and without error, without the packer effects still on the file.
For example, a UPX packed file, I have attached a simple VB6 program that does nothing more but say 'Hello World' on the form. It is packed with UPX.
I would post this as an Unpackme by saying, remove the packed effects of the file that UPX has done, and post a clean version, or steps to unpack the file.
For UPX, you would break on the first call to LoadLibraryA, trace back to the caller function, and can locate the jump to the OEP of the program. Once at the OEP, you dump the process, fix the IAT, and tada, unpacked file.
_________________
- Retired. |
|
Back to top |
|
|
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
|
Posted: Tue Apr 15, 2008 7:18 pm Post subject: |
|
|
Wiccaan wrote: | Unpackme's are simply what they are called. An uploaded .exe that is packed with a packer that the user must remove from the file and have it run, clean and without error, without the packer effects still on the file.
For example, a UPX packed file, I have attached a simple VB6 program that does nothing more but say 'Hello World' on the form. It is packed with UPX.
I would post this as an Unpackme by saying, remove the packed effects of the file that UPX has done, and post a clean version, or steps to unpack the file.
For UPX, you would break on the first call to LoadLibraryA, trace back to the caller function, and can locate the jump to the OEP of the program. Once at the OEP, you dump the process, fix the IAT, and tada, unpacked file. |
or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done
_________________
|
|
Back to top |
|
|
Labyrnth Moderator Reputation: 9
Joined: 28 Nov 2006 Posts: 6285
|
Posted: Tue Apr 15, 2008 8:00 pm Post subject: |
|
|
Wooot,,,,,, Houston we have STN.
All you got to do is basic old form or what ever and pack it with something and have someone unpack it.
But if those are posted. I think you shouldnt just post a unpacked version of it. You should show screenshots of it being manually unpacked.
Anyone can get an application to unpack allot of the packers.
Not many can manually unpack stuff tho. Including me as of right now.
_________________
|
|
Back to top |
|
|
Buggy Advanced Cheater Reputation: 0
Joined: 04 Jan 2008 Posts: 72 Location: Republic of Korea (South Korea)
|
Posted: Wed Apr 16, 2008 12:41 am Post subject: |
|
|
I'm making my own packer with MASM32 9.0 and when i finished making,, i'll post my unpackme... kk
_________________
[img]
<a><img></a>[/img]
iroo sooo hooooot |
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
|
Back to top |
|
|
Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
|
Posted: Thu May 01, 2008 7:37 am Post subject: |
|
|
Wiccaan wrote: | STN wrote: | or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done |
I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method. |
What STN wrote works sometimes, you can also use the ESP "method"..
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
|
Posted: Thu May 01, 2008 8:59 am Post subject: |
|
|
Sinok wrote: | Wiccaan wrote: | STN wrote: | or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done |
I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method. |
What STN wrote works sometimes, you can also use the ESP "method".. |
Yea after saying what I did, I found a UPX packed prog that his method would work on but doesn't work on all progs that are packed with UPX. The LoadLibraryA jump method is the most suitable for UPX I'd say.
_________________
- Retired. |
|
Back to top |
|
|
Sinok Cheater Reputation: 0
Joined: 21 Mar 2008 Posts: 34
|
Posted: Wed May 07, 2008 11:22 pm Post subject: |
|
|
Wiccaan wrote: | Sinok wrote: | Wiccaan wrote: | STN wrote: | or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done |
I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method. |
What STN wrote works sometimes, you can also use the ESP "method".. |
Yea after saying what I did, I found a UPX packed prog that his method would work on but doesn't work on all progs that are packed with UPX. The LoadLibraryA jump method is the most suitable for UPX I'd say. |
More complicated tho lol
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum
|
|