Thread: How to find out how an exe was packed and how to unpack it?
View Single Post
  #1  
Old 07-13-2018, 03:29
DavidXanatos DavidXanatos is offline
Family
  
Join Date: Jun 2018
Posts: 183
Rept. Given: 3
Rept. Rcvd 47 Times in 33 Posts
Thanks Given: 59
Thanks Rcvd at 363 Times in 120 Posts
DavidXanatos Reputation: 47
How to find out how an exe was packed and how to unpack it?
Hi,

I'm trying to use IDA pro on two applications, booth seam not to like that, when trying to open them I get "Can't find translation for virtual address 0x[some number]" also trying to attach a debugger to a already running process results in that process crashing.
One of them just plainly refuses to start when ida is running.

Now I'm a bloody beginner so don't really know how to get around such an obstacle.

Booth Applications are 64 bit binary's although of one of them there is also a 32 bit Version.

The tool "protection id 6.2.3" tells me that that booth applications are protected by Obsidium x64 V1.5 build 5, respectively build 105


Can someone more knowledgeable give me some advice how to tackle such sort of issue.


Cheers
David X.
Last edited by DavidXanatos; 07-13-2018 at 04:07.
Reply With Quote