
Thread: Help needed to unpack and disassemble file

  1. #1
    Mogsey
    Guest

    Help needed to unpack and disassemble file

    Can anybody please help me to unpack and disassemble a file. I have tried all the file analysis to try and detect what type of security system it is using and none of them can recognise it. Is it possible that the original programmer has created their own security system? I have tried opening the file using IDA Pro 4.0 but it only opens a small sample of code and the rest comes up unexplored.

    Any help will be most appreciated, as I have spent nearly 2 weeks trying to crack the file and got nowhere.

    Thanks

    Mogsey
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Unregistered
    Guest

    Which file ?? url ??

  3. #3
    donMAMAvomito
    Guest
    greetings

    exactly..which target are you talking about..

    give the url..so that i may be able to further this..

    best regards
    donMAMAvomito

  4. #4
    Mogsey
    Guest
    It's an .exe file if it would help I can email it to you.

    Thanks

  5. #5
    donMAMAvomito
    Guest
    greetings

    first: is this application downloadable from the net. if so i will obtain a copy for myself and unpack it..it will save you the trouble of mailing it to me...

    also..is it a dos or a win32 app...

    here are some tips for you to try your hands once more...

    first..assuming its a vc++/bc++ app..(no vb/delphi please..)

    * try symbol loader of numega..if proggy does not break at start with [invalid] values (change the .code section characteristics to make it break..i will not explain this in detail..fravia's essays should make it clear)

    * ok now do a bpx getversion and press F5..

    * proggy will hopefully break..look at the code window and see that the name is the same as that of proggys; if so you have arrived at the start section..go back a few lines to something like this

    xxxx: push ebp
    mov ebp,esp
    ..
    ..
    ..


    note down the value of (xxxx) this is the OEP (original entry point)..if the code window shows dll or anything else keep pressing F5...

    * ok now clear all breakpoints (bc *) and load the exe once more using symbol loader..set bpx xxxxx (you noted it down)..
    press f5..the proggy will break..assemble jmp eip at current eip..remember to note down the previous overwritten bytes..

    * do a procdump/icedump/adump whatever...

    * change the PE entry point to the noted (xxxx). and replace the
    overwritten bytes using a hex editor..

    *exe is now unpacked and ready to run..

    this is a very general technique and must be adapted...like for example...screwed up IAT's..or even vb or delphi appz..for that matter even encrypted sections that are decrypted at runtime...
    CRC checks...

    just use your brain...

    keep me posted...

    best regards
    donMAMAvomito
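The steps in the post above depend on the PE header's entry point field and the section characteristics. As an added example (not part of the thread and not any poster's code), this Python function reads both from a PE32 header and reports two common packing indicators; the sample header, the `.stub` section name and the two heuristic flags are constructed assumptions for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def entry_point_info(image: bytes) -> dict:
    """Locate the PE32 entry point and the section that contains it."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature (plain DOS or NE file?)")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    opt = pe_off + 24                                          # optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    (ep_rva,) = struct.unpack_from("<I", image, opt + 16)     # AddressOfEntryPoint
    (image_base,) = struct.unpack_from("<I", image, opt + 28)
    info = {"ep_field_offset": opt + 16, "ep_rva": ep_rva,
            "ep_va": image_base + ep_rva, "section": None, "flags": []}
    for i in range(n_sections):
        sec = opt + opt_size + 40 * i                          # 40-byte section header
        name, vsize, vaddr = struct.unpack_from("<8sII", image, sec)
        (chars,) = struct.unpack_from("<I", image, sec + 36)
        if vaddr <= ep_rva < vaddr + vsize:
            info["section"] = name.rstrip(b"\0").decode("latin-1")
            # Heuristics only: either can also occur in an unpacked file.
            if i > 0:
                info["flags"].append("entry point not in first section")
            if chars & MEM_WRITE and chars & MEM_EXECUTE:
                info["flags"].append("entry section is writable and executable")
    return info

def build_sample() -> bytes:
    """Constructed two-section PE32 header, not taken from any real file."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2010)     # entry point RVA inside .stub
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    def sec(name, vsize, vaddr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, 0, 0, 0, 0, 0, 0, chars)
    return (dos + coff + bytes(opt)
            + sec(b".text", 0x1000, 0x1000, 0x60000020)
            + sec(b".stub", 0x1000, 0x2000, 0xE0000020))

if __name__ == "__main__":
    print(entry_point_info(build_sample()))
```

The `ep_field_offset` value is the file offset of the entry point field that the post's last step edits in a hex editor.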

  6. #6
    Mogsey
    Guest
    Thank you for the informative reply. I will give it a try and let you know the results.

    Thanks

    Mogsey
