|
here is a quick run down
load into olly
004A4230 > $ 60 PUSHAD <----- starting point
004A4231 . BE 00F04600 MOV ESI,wwDisp.0046F000
004A4236 . 8DBE 0020F9FF LEA EDI,DWORD PTR DS:[ESI+FFF92000]
004A423C . 57 PUSH EDI
Scroll down till
004A4395 > FF96 B85E0A00 CALL DWORD PTR DS:[ESI+A5EB8]
004A439B > 61 POPAD
004A439C .-E9 D3EEFBFF JMP wwDisp.00463274 <----jmp to OEP Set Break point here
F7 to OEP
00463274 55 PUSH EBP <-----OEP
00463275 8BEC MOV EBP,ESP
00463277 33C9 XOR ECX,ECX
olly dump prog and turn off rebuild imports
dump as unpacked.exe
do not shut down olly yet we are now going to get the imports
Start ImpRec
Select process
changes oep: 00063274
click get imports and check for invalid
click fix dump ans select unpacked.exe
shut down olly
done all works great now
I hope this helps
Last edited by R@dier; 01-10-2004 at 00:40.
|