|
|
|
|
#1
02-14-2005, 05:16
|
|||
|
|||
|
today i played with this target.. check if all is OK.
btw, it's marked as SD1.1 at start of 1st section?? original IT restored; OEP bytes restored from 00495C50h; resource restored by PExplorer; there was 7 crypted code blocks, wich decrypted on runtime; .. shit, failed for attach! Last edited by evaluator; 02-14-2005 at 05:24. 
|
|
#2
02-14-2005, 06:11
|
|||
|
|||
SDProtector Pro Edition 1.12 unpacking tutorial
at hxxp://www.angelfire.com/indie/zong
EnJoy 
|
|
#3
02-14-2005, 18:50
|
|||
|
|||
|
@newbie_cracker
For Imprec - it looks for file "ImportREC.exe" and for title "Import REConstructor v1.6..." You can easy change title with Customizer or similar program. For LordPE - SDpacker absolutely hates this tool . Apply the same steps as for ImpRec  btw. It shows wrong Image_Size of process ( 0x00036000 ). Use any other tools for dumping . @KaGra I like your tuts , but what would you do if your target is packed with regged version of packer and you don't have intro Nag to attach ?
|
|
#4
02-14-2005, 19:01
|
|||
|
|||
|
well...
well,if I don;t have a registered version in my hands,I cannot make any assumptions.But i'd like to have one...
|
|
#5
02-14-2005, 23:23
|
||||
|
||||
|
Thanks hosiminh
My problem solved in patching the process in memory. Greetings to The Boss. I bypassed LordPE detection and dumped the flle. But PE tools dumped better than lordpe, without any errors. Is there a good dumper except Lordpe and PE Tools? The remaining problem is OllyDbg detection and Unpacking method. Regards Last edited by Newbie_Cracker; 02-14-2005 at 23:32.
|
|
#6
02-15-2005, 00:58
|
||||
|
||||
|
It depends what you mean. The best dump is always a manual dump. The way of dumping running process simultaneously with its execution (like LordPE, PETools do) is a weak and not "clean" idea. Usually it forces you to keep redundant sections but most of all it makes unpacked executable a lot bigger than original one.
Anyway, it's only my private opinion and you can always work this way. For Delphi executables the best dumper is DeDe (with ability to find OEP). Regards.
|
|
#7
02-15-2005, 07:22
|
||||
|
||||
|
Really thanks KaGra.
You've written very usefull tuts and put in you homepage. Almost, All of my question is answered. Best regard.
|
|
#8
02-17-2005, 03:53
|
|||
|
|||
|
uploading once again..
this program maybe is interesting for reversing.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| How to defeat Enigma protector External Files Checkup? | benney | General Discussion | 1 | 08-20-2016 02:13 |
| Help for unknown protector | Newbie_Cracker | General Discussion | 9 | 01-11-2011 17:42 |
| New or Unknown Protector | lordnasty | General Discussion | 0 | 06-19-2006 16:57 |
| Good Protection (Password Reminder) | anorganix | General Discussion | 6 | 11-22-2005 04:42 |
Hybrid Mode
