View Single Post
  #4  
Old 03-01-2011, 06:58 AM
butaktelco butaktelco is offline
Senior Member
 
Join Date: Feb 2008
Posts: 74
Default

hello my friends nice to see you again
emulator not perfect, have some error
i try to unpack with these
looks my asm
i am running with emul MK, but result different
looks in asm
Quote:
00482B52 F76F BE IMUL DWORD PTR DS:[EDI-42] -----oep address with emulator MK
00482B55 6C INS BYTE PTR ES:[EDI], DX ; I/O command
00482B56 E7 DB OUT 0DB, EAX ; I/O command
00482B58 C1D8 D1 RCR EAX, 0D1 ; Shift constant out of range 1..31
00482B5B B9 18067373 MOV ECX, 73730618
00482B60 D5 90 AAD 90
00482B62 5D POP EBP
00482B63 ^ 72 9A JB SHORT app.00482AFF
00482B65 D95A B6 FSTP DWORD PTR DS:[EDX-4A]
00482B68 D066 F4 SHL BYTE PTR DS:[ESI-C], 1
00482B6B 60 PUSHAD


00482B52 E8 6D050000 CALL app.004830C4 ---- oep address with hardware key
00482B57 ^ E9 35FDFFFF JMP app.00482891
00482B5C 50 PUSH EAX
00482B5D 64:FF35 0000000>PUSH DWORD PTR FS:[0]
00482B64 8D4424 0C LEA EAX, DWORD PTR SS:[ESP+C]
00482B68 2B6424 0C SUB ESP, DWORD PTR SS:[ESP+C]
00482B6C 53 PUSH EBX
00482B6D 56 PUSH ESI
00482B6E 57 PUSH EDI
00482B6F 8928 MOV DWORD PTR DS:[EAX], EBP
00482B71 8BE8 MOV EBP, EAX
00482B73 A1 E8054A00 MOV EAX, DWORD PTR DS:[4A05E8]
00482B78 33C5 XOR EAX, EBP
00482B7A 50 PUSH EAX
00482B7B FF75 FC PUSH DWORD PTR SS:[EBP-4]
00482B7E C745 FC FFFFFFF>MOV DWORD PTR SS:[EBP-4], -1
00482B85 8D45 F4 LEA EAX, DWORD PTR SS:[EBP-C]
00482B88 64:A3 00000000 MOV DWORD PTR FS:[0], EAX
00482B8E C3 RETN
same byte different using emulator & hardware key,
any suggest about these

Last edited by butaktelco : 03-01-2011 at 07:01 AM.
Reply With Quote