antoniodel
25/12/2017, 05:58 PM
I found this main a little while ago; since it has already been published, I decided to bring it over from the same thread where I found it.
Download Client s13
[Only registered and activated users can see links]!SUkHlTyJ!PQaNuL_C4duS1e6bL6RsrQ
Download Main Unpacked
[Only registered and activated users can see links]
A few words in English...
how to unpack any main called "isn't full working":
- open main with ollydbg
- add hw breakpoint at OEP -> F9
- right click -> Goto -> previous offset
- remove breakpoint
now you can see something like this
00F7A4B4 > E8 FF207DFF CALL main.0074C5B8
00F7A4B9 -E9 95B45400 JMP main.014C5953
- 014C5953 is new OEP
- open Scylla put OEP -> IAT Autosearch
- Save dump.exe
- and now you can open dump.exe with IDA =))
original entry point call
00E0CE46 E8 6BBA4909 CALL main.0A2A88B6
00E0CE4B ^\E9 A6BBFFFF JMP main.00E089F6
Entry point fixed
00E0CE46 > E8 7FF02800 CALL dump_IF.0109BECA
00E0CE4B E9 AD212700 JMP dump_IF.0107EFFD
getstartupinfo
0107EFFD ^\E9 532BDAFF JMP main.00E21B55
0107F002 CC INT3
0107F003 1BA0 E9B9355A SBB ESP,DWORD PTR DS:[EAX+0x5A35B9E9]
getstartupinfo Fixed
0107EFFD 6A 58 PUSH 0x58
0107EFFF 68 90705B01 PUSH dump_IF.015B7090
0107F004 E8 1FAC0000 CALL dump_IF.01089C28
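
Added example, not part of the original post: a Python check that recomputes the destination of each 5-byte CALL (E8) / JMP (E9) row in a listing like the ones above as address + 5 + signed little-endian displacement, and compares it with the operand the debugger shows. The function names are made up for illustration, and the last sample row is constructed with a wrong address to show a mismatch.

```python
import re

# One OllyDbg row: address, optional marker (>, -, ^\), E8/E9 + rel32, mnemonic, operand.
ROW = re.compile(r"^([0-9A-F]+)\s+[>\-^\\$]*\s*(E8|E9)\s+([0-9A-F]{8})"
                 r"\s+(CALL|JMP)\s+(?:\w+\.)?([0-9A-F]+)$")

def decode_rel32(line):
    """Return (computed_target, shown_target) for a CALL/JMP rel32 row, else None."""
    m = ROW.match(line.strip())
    if not m:
        return None  # not a 5-byte relative branch (PUSH, INT3, ...)
    addr = int(m.group(1), 16)
    # The 4 bytes after the opcode are a little-endian signed displacement.
    rel = int.from_bytes(bytes.fromhex(m.group(3)), "little", signed=True)
    # The displacement is relative to the next instruction (addr + 5).
    return (addr + 5 + rel) & 0xFFFFFFFF, int(m.group(5), 16)

def encode_rel32(opcode, addr, target):
    """Bytes a 5-byte CALL/JMP at addr needs in order to reach target."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF
    return f"{opcode:02X} {rel.to_bytes(4, 'little').hex().upper()}"

def check_listing(text):
    """Map each branch row to True/False: does the operand match the bytes?"""
    out = {}
    for line in text.strip().splitlines():
        decoded = decode_rel32(line)
        if decoded:
            out[line.strip()] = decoded[0] == decoded[1]
    return out

# Rows copied from the post, plus one constructed row (last) with a wrong address.
LISTING = r"""
00F7A4B4 > E8 FF207DFF CALL main.0074C5B8
00F7A4B9 -E9 95B45400 JMP main.014C5953
00E0CE46 > E8 7FF02800 CALL dump_IF.0109BECA
00E0CE4B E9 AD212700 JMP dump_IF.0107EFFD
0107EFFD ^\E9 532BDAFF JMP main.00E21B55
0107EFFD 6A 58 PUSH 0x58
0107F005 E8 1FAC0000 CALL dump_IF.01089C28
"""

if __name__ == "__main__":
    for row, ok in check_listing(LISTING).items():
        print("ok      " if ok else "MISMATCH", row)
    print(encode_rel32(0xE9, 0x00E0CE4B, 0x0107EFFD))
```
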