Results 1 to 6 of 6

Thread: Defeating PCGuard v5.0

  1. #1
    phrozen-4-life SvensK's Avatar
    Join Date
    Nov 2003
    Location
    HeLL
    Posts
    18

    Defeating PCGuard v5.0

    Thought I'd whip up a few quick notes on how to unpack PCGuard v5.0.

    1. Load PCGuad protected exe in PEiD (v0.91) and use the Generic OEP Finder to locate the OEP, write it down.
    2. Load the exe in Olly.
    3. Right-click the value in ECX and Follow in Dump.
    4. Right-click the 01 at 7FFDF002 and fill with 00's.
    5. Press Ctrl-G while still in the Dump window and fill in the OEP found in PEiD.
    6. Right-click the first byte and Breakpoint Memory, on write.
    7. Press Shift-F9 a few times until you break at the BP you just set.
    8. Press F8 once and notice how the first byte in the dump changes to 55.
    9. Remove the current BPM and set a new one on Breakpoint Hardware, on execution at the 55 (push ebp).
    10. A few more Shift-F9's and you're at the OEP.
    11. Dump with OllyDump plugin and make sure Rebuild Imports - Method 1 is selected.
    12. That's it, enjoy.

  2. #2
    CrYpT
    Guest
    I tried this way you say, but after I have unpacked it, then it won't start the unpacked exe. I think it is Ollydump there do something wrong, don't you have any problems?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    phrozen-4-life SvensK's Avatar
    Join Date
    Nov 2003
    Location
    HeLL
    Posts
    18
    Nope. Try dumping with LordPE and rebuild IAT with ImpRec instead then.

  4. #4
    Try the PEiD generic unpacker works in some cases (NOT ALL!!)

    regards
    LibX
    Regards,
    LibX // RETeam

  5. #5
    ChaosLord
    Guest

    Oep

    Any other way to find the OEP, Svensk?

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    phrozen-4-life SvensK's Avatar
    Join Date
    Nov 2003
    Location
    HeLL
    Posts
    18
    Ages since I played with it. Don't even remember what target that was for.
    I hope you find what you're looking for elsewhere.

Similar Threads

  1. Defeating Memory Breakpoints
    By walied in forum Advanced Reversing and Programming
    Replies: 12
    Last Post: October 19th, 2013, 04:00
  2. PCGuard
    By Crimson Sunset in forum Malware Analysis and Unpacking Forum
    Replies: 9
    Last Post: December 19th, 2004, 12:36
  3. About PCGuard 5.0
    By javier in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: March 6th, 2004, 07:42
  4. new PCGuard Unpacker/Dumper
    By sirius in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: May 27th, 2003, 14:00
  5. PCGuard 4.03 demo unprotecting
    By evaluator in forum Malware Analysis and Unpacking Forum
    Replies: 11
    Last Post: September 26th, 2001, 23:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •