Achei esse main a um tempinho, já que publicaram ele, resolvi trazer o mesmo do mesmo tópico onde encontrei.

Download Cliente s13
[Somente membros podem ver os links. ]

Download Main Unpacked
[Somente membros podem ver os links. ]

Alguma palavra em inglês...

how to unpack any main called "isn't full working":

- open main with ollydbg
- add hw breakpoint at OEP -> F9
- right click -> Goto -> previous offset
- remove breakpoint

now you can see somethings like this

Código:



	
Código:

	
00F7A4B4 > E8 FF207DFF      CALL main.0074C5B8
 00F7A4B9  -E9 95B45400      JMP main.014C5953






- 014C5953 is new OEP

- open Scylla put OEP -> IAT Autosearch

- Save dump.exe



- and now you can open dump.exe with IDA =))





	
Código:

	
original entry point call


00E0CE46 E8 6BBA4909 CALL main.0A2A88B6
00E0CE4B ^\E9 A6BBFFFF JMP main.00E089F6


Entry point fixed

00E0CE46 > E8 7FF02800 CALL dump_IF.0109BECA
00E0CE4B E9 AD212700 JMP dump_IF.0107EFFD


getstartupinfo
0107EFFD ^\E9 532BDAFF JMP main.00E21B55
0107F002 CC INT3
0107F003 1BA0 E9B9355A SBB ESP,DWORD PTR DS:[EAX+0x5A35B9E9]


getstartupinfo Fixed


0107EFFD 6A 58 PUSH 0x58
0107EFFF 68 90705B01 PUSH dump_IF.015B709



00107F004 E8 1FAC0000 CALL dump_IF.01089C28