Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


questions for unpackmes

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Tue Apr 15, 2008 3:49 am    Post subject: questions for unpackmes Reply with quote

i want to post unpackme here and can anyone ask my questions ??...

1. please give me a form of unpackme
ex : you have to put blah to form blahblahblah

2. please give me what can i use for packers


if i posted in wrong section,,, you can quote me..

_________________

[img]
<a><img></a>[/img]
iroo sooo hooooot
Back to top
View user's profile Send private message
Pseudo Xero
I post too much
Reputation: 0

Joined: 16 Feb 2007
Posts: 2607

PostPosted: Tue Apr 15, 2008 4:03 am    Post subject: Reply with quote

Unpackmes would pretty much only be worth it if you made the packer yourself.
_________________
haxory' wrote:
can't VB do anything??
windows is programmed using VB right? correct me if im wrong.

so all things in windows you have like the start menu is a windows form too.
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Tue Apr 15, 2008 4:05 am    Post subject: Reply with quote

Unpackme's are simply what they are called. An uploaded .exe that is packed with a packer that the user must remove from the file and have it run, clean and without error, without the packer effects still on the file.

For example, a UPX packed file, I have attached a simple VB6 program that does nothing more but say 'Hello World' on the form. It is packed with UPX.

I would post this as an Unpackme by saying, remove the packed effects of the file that UPX has done, and post a clean version, or steps to unpack the file.

For UPX, you would break on the first call to LoadLibraryA, trace back to the caller function, and can locate the jump to the OEP of the program. Once at the OEP, you dump the process, fix the IAT, and tada, unpacked file.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

PostPosted: Tue Apr 15, 2008 7:18 pm    Post subject: Reply with quote

Wiccaan wrote:
Unpackme's are simply what they are called. An uploaded .exe that is packed with a packer that the user must remove from the file and have it run, clean and without error, without the packer effects still on the file.

For example, a UPX packed file, I have attached a simple VB6 program that does nothing more but say 'Hello World' on the form. It is packed with UPX.

I would post this as an Unpackme by saying, remove the packed effects of the file that UPX has done, and post a clean version, or steps to unpack the file.

For UPX, you would break on the first call to LoadLibraryA, trace back to the caller function, and can locate the jump to the OEP of the program. Once at the OEP, you dump the process, fix the IAT, and tada, unpacked file.


or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done Laughing

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Back to top
View user's profile Send private message
Labyrnth
Moderator
Reputation: 9

Joined: 28 Nov 2006
Posts: 6285

PostPosted: Tue Apr 15, 2008 8:00 pm    Post subject: Reply with quote

Wooot,,,,,, Houston we have STN.

All you got to do is basic old form or what ever and pack it with something and have someone unpack it.
But if those are posted. I think you shouldnt just post a unpacked version of it. You should show screenshots of it being manually unpacked.
Anyone can get an application to unpack allot of the packers.
Not many can manually unpack stuff tho. Including me as of right now.

_________________

Back to top
View user's profile Send private message
Buggy
Advanced Cheater
Reputation: 0

Joined: 04 Jan 2008
Posts: 72
Location: Republic of Korea (South Korea)

PostPosted: Wed Apr 16, 2008 12:41 am    Post subject: Reply with quote

I'm making my own packer with MASM32 9.0 and when i finished making,, i'll post my unpackme... kk
_________________

[img]
<a><img></a>[/img]
iroo sooo hooooot
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Wed Apr 16, 2008 10:27 am    Post subject: Reply with quote

STN wrote:
or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done Laughing


I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Sinok
Cheater
Reputation: 0

Joined: 21 Mar 2008
Posts: 34

PostPosted: Thu May 01, 2008 7:37 am    Post subject: Reply with quote

Wiccaan wrote:
STN wrote:
or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done Laughing


I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method.

What STN wrote works sometimes, you can also use the ESP "method"..
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Thu May 01, 2008 8:59 am    Post subject: Reply with quote

Sinok wrote:
Wiccaan wrote:
STN wrote:
or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done Laughing


I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method.

What STN wrote works sometimes, you can also use the ESP "method"..


Yea after saying what I did, I found a UPX packed prog that his method would work on but doesn't work on all progs that are packed with UPX. The LoadLibraryA jump method is the most suitable for UPX I'd say.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Sinok
Cheater
Reputation: 0

Joined: 21 Mar 2008
Posts: 34

PostPosted: Wed May 07, 2008 11:22 pm    Post subject: Reply with quote

Wiccaan wrote:
Sinok wrote:
Wiccaan wrote:
STN wrote:
or easier than that, just scroll down to the bottom in disassembly and there you see the jump to oep, bp and done Laughing


I just tried this, doesn't work, theres no jump to the OEP, let alone no jump all the way at the end of the disassembly. I've only ever heard, read, or was taught the LoadLibraryA method with UPX, never seen another method.

What STN wrote works sometimes, you can also use the ESP "method"..


Yea after saying what I did, I found a UPX packed prog that his method would work on but doesn't work on all progs that are packed with UPX. The LoadLibraryA jump method is the most suitable for UPX I'd say.

More complicated tho lol
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites