#1
A nice challenge....
Greetings to all you unpackers.
It's been quite a while since I posted something here. But now I have found a nice challenge for people interested in unpacking targets. Go to hxxp:\\www.autodebug.com and download Autodebug pro 3.6 for Windows. I have tried to unpack it, and it seems to succeed, but when I run it, it crashes. It is packed with both Aspack and PeCompact: first with PeCompact, then wrapped once more with Aspack. It is no problem solving these two things, but then the fun starts. There are calls to IsDebuggerPresent, and there is some other stuff that makes the program crash via int3 exceptions. But after solving these things, the program still doesn't run properly. It just exits after a few seconds. When you run the program in Olly, it detects bp's (at least in the code section). When you succeed in solving this in Olly, you will see that it crashes in a place where it seems that some code is overwritten when you try to run it in a debugger.
Anyone interested in taking a look? And for the record: I don't care about breaking the serial protection. I'm just after unpacking it until it runs just fine.
regards,
hobgoblin
#2
Well, I've made a little workaround and forced CreateFileA at 420155 to read DebugApiSpy.exe instead of the dumped file itself.
Code:
.00400510: E91A000000   jmp   .00040052F ---↓ (1)
.00400515: B88D85FCFB   mov   eax,0FBFC858D
.0040051A: AB           stosd
.0040051B: 66B8FFFF     mov   ax,-1
.0040051F: 66AB         stosw
.00400521: B050         mov   al,050 ;'P'
.00400523: AA           stosb
.00400524: 5F           pop   edi
.00400525: 6800054000   push  000400500 ;'DebugApiSpy.exe
.0040052A: E926FC0100   jmp   .000420155 ---↓ (3)
.0040052F: 57           push  edi
.00400530: BF4E014200   mov   edi,00042014E ---↓ (4)
.00400535: E9DBFFFFFF   jmp   .000400515 ---↑ (5)
.0040053A: 0000         add   [eax],al

You have to restore the opcodes rewritten by the jmp or progy will fail, or patch the integrity check later on. This is my fast solution; probably someone will come up with a better solution =)
Anyway, you may use the original exe and inject into the last section with code that will dump the file to disk and pass that fname to CreateFileA.
cheers
__________________
http://accessroot.com