Results 1 to 6 of 6

Thread: Manual unpacking Virogen Crypt v0.75 question

  1. #1

    Manual unpacking Virogen Crypt v0.75 question

    Hi

    I have read the hacnho Manual unpacking Virogen Crypt v0.75 tutorial
    it works great on his crack me, but on my target i can not find the pattern
    jnz xxxxxxxxx
    mov eax,1
    retn 0c
    push xxxxxxx
    retn
    Is there anyone who has worked on this and could help me?

    Thanks

    akimp3

  2. #2
    Yes, the tutorial of hacnho did not correct. It work only with his machine... I have unpacked the Virogen Crypt v0.7 in the past. It is easy to unpack. As I remember, you can use the bp GetProcAddress in OllyDbg, F12 to run until return. Scroll down until you find a a some jmp/je/jne. Bp them and one of them will be a jump to OEP.
    Regards

  3. #3

    Help

    Hi
    Thank you for your quick reply.
    I have added a breakpoint on getprocaddress in kernal 32.
    then i clicked F9 to run.
    it braks in getprocaddress
    i clicked execute til return ctrl+f9 (not f12 as you told).
    it goes to the return a the end of getprocaddress in kernel 32
    you told me to scroll and find the jump. i am still in kernel 32 should
    i put breakpoint in there or i missunderstood.
    please give me some advice

    Thanks

    akimp3

  4. #4
    sTfN0X
    Guest
    As stated before, unpacking Virogen Crypt is quite easy. Just put a bp on GetProcAddress and press F9. When Olly breaks, clear the bp. Then press CTRL+F9, then F8 once and you will be out of Kernel32. After that scroll down till you see a RET (2 lines after a RET 0C). put a bp on the RET, F9 to run and break on the RET. then F8 once and you're at the OEP.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5

    no ret 0c

    Hi
    Thank you for your good reply.
    I have done all the step but after the f8 when i come out of kernel32.dll
    in the main exe i am on a ret command, i scrolled down to find the ret 2 line after ret 0c but there is no ret 0c in this exe at all i have scrolled to the end
    bur i have not found any ret 0c.
    Could you please give me an advice?
    Thanks

    akimp3

  6. #6
    sTfN0X
    Guest
    Well, there's also another solution. A bit more complicated though, PM and I'll take a look at it.

    Regards,

    sTfN0X
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. ASProtect 2.0x Manual Unpacking Scripts
    By nick_name in forum OllyDbg Support Forums
    Replies: 10
    Last Post: February 17th, 2006, 16:18
  2. a question for my first armadillo unpacking
    By Hero in forum The Newbie Forum
    Replies: 1
    Last Post: October 26th, 2005, 20:08
  3. newbie unpacking question
    By xkrylonx in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: October 7th, 2002, 07:29
  4. Basic unpacking/revirgin question
    By MrSmith in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: July 29th, 2002, 09:47
  5. general unpacking question
    By nullvolt in forum Malware Analysis and Unpacking Forum
    Replies: 7
    Last Post: March 21st, 2001, 16:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •