Exetools  

  #16  
Old 09-24-2005, 18:58
demon_da
Try to analyze your target with RDG Packer Detector! It has better results if your target has a fake sign!
  #17  
Old 09-25-2005, 13:49
Asus
I also attached 2 files that are identified as UPX by PEiD. Please help me.
Attached Files
File Type: zip upx.zip (290.6 KB, 10 views)
  #18  
Old 09-25-2005, 14:30
Peter[Pan]
They are both certainly UPX'd. Do it manually: open them in OllyDbg and scroll down to the

POPAD
JMP ADDRESS

They are right at the bottom, just before all the 0's (not the bottom bottom, but I mean the bottom of the code you see).

Break on the JMP ADDRESS, and step into the OEP, then dump from here, and rebuild the IAT.
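
As an added example (not part of the original thread), here is a static way to locate the POPAD / JMP pair described in the post above: it scans the raw bytes of the unpacking stub for a POPAD followed shortly by a JMP rel32 that is itself followed only by zero padding, and computes the jump target as the OEP candidate. The function name, the sample bytes and the addresses are constructed for illustration.

```python
import struct

POPAD, JMP_REL32 = 0x61, 0xE9

def find_tail_jump(code: bytes, base_va: int, window: int = 16, min_zeros: int = 8):
    """Return (popad_va, jmp_va, target_va) candidates for the stub's tail jump.

    Heuristic taken from the post: a POPAD, then (within `window` bytes, to
    tolerate a few cleanup instructions) a JMP rel32 that is followed only by
    zero padding. `base_va` is the virtual address of code[0].
    """
    hits = []
    for i, b in enumerate(code):
        if b != POPAD:
            continue
        for j in range(i + 1, min(i + 1 + window, len(code) - 4)):
            if code[j] != JMP_REL32:
                continue
            tail = code[j + 5 : j + 5 + min_zeros]
            if len(tail) < min_zeros or any(tail):
                continue  # not "just before all the 0's"
            rel = struct.unpack_from("<i", code, j + 1)[0]
            # rel32 is relative to the address of the next instruction
            target = (base_va + j + 5 + rel) & 0xFFFFFFFF
            hits.append((base_va + i, base_va + j, target))
    return hits

# Constructed sample: a fragment of a decompression loop, POPAD, JMP, padding.
BASE = 0x0040E000          # constructed VA of the stub bytes below
OEP = 0x00401130           # constructed original entry point
LOOP = bytes.fromhex("8a064688074701db75078b1e83eefc11db")
JMP_OFF = len(LOOP) + 1    # offset of the E9 opcode
SAMPLE = (LOOP + bytes([POPAD, JMP_REL32])
          + struct.pack("<i", OEP - (BASE + JMP_OFF + 5))
          + b"\x00" * 16)

if __name__ == "__main__":
    for popad_va, jmp_va, target in find_tail_jump(SAMPLE, BASE):
        print(f"POPAD @ {popad_va:#010x}  JMP @ {jmp_va:#010x}  -> OEP candidate {target:#010x}")
```

A hit is only a candidate: confirm it in the debugger by breaking on the JMP and stepping once, as the post describes, before dumping.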