#11
09-30-2009, 01:07 PM
Tyrus (Senior Member)
Join Date: Dec 2007
Posts: 60

Quote:
Originally Posted by smithjsmi
You explained here about unpacking the protected file. How can we unpack it, and which tool do I need to unpack it? Do you mean with OllyDbg, or do we make a log file?

1. find OEP of exe/dll
2. make dump on OEP (PETools/LordPE)
3. cut .protect section and rebuild PE-header
4. find IAT and restore it:
- make ollydbg script for each envelope version
- restore emulated functions by hand
5. fix dump with restored import
6. for dll - restore relocs (edit .reloc section or use Relox)

#12
10-03-2009, 01:08 AM
foffa (Senior Member)
Join Date: Jul 2007
Location: %TEMP%
Posts: 344

@Tyrus
Good participation, BUT
I think they will ask for more.

Many thanks

#13
10-03-2009, 03:37 AM
smithjsmi (Senior Member)
Join Date: Dec 2008
Posts: 64

Quote:
Originally Posted by Tyrus
1. find OEP of exe/dll

Can you explain with an image or chart, or must we find the OEP with OllyDbg? If we find the OEP with Olly, then the (Debuger detected 1030) error is shown; how do we solve this problem in Olly?

#14
10-03-2009, 09:57 AM
Tyrus (Senior Member)
Join Date: Dec 2007
Posts: 60

Quote:
Originally Posted by smithjsmi
Can you explain with an image or chart, or must we find the OEP with OllyDbg? If we find the OEP with Olly, then the (Debuger detected 1030) error is shown; how do we solve this problem in Olly?

You must hide the debugger.
Use the Phant0m plugin.

#15
10-04-2009, 10:46 AM
smithjsmi (Senior Member)
Join Date: Dec 2008
Posts: 64

Did you share the Phantom plugin here, and the settings with an image? There are many options; which options should be clicked?

I also tried it but did not understand; maybe my Phantom plugin is old or does not support it.

Is hiding the debugger done with the option of the Hide Debugger plugin, or is this possible with the Phantom plugin?

Please, someone guide us.

#16
10-04-2009, 05:25 PM
Git (Super Moderator)
Join Date: Oct 2007
Location: Torino
Posts: 1,797

How about doing some reading and searching and helping yourself? You seem to expect other people to do everything for you.

Git

#17
10-30-2009, 02:07 AM
butaktelco (Senior Member)
Join Date: Feb 2008
Posts: 74

Quote:
Originally Posted by Tyrus
1. find OEP of exe/dll
2. make dump on OEP (PETools/LordPE)
3. cut .protect section and rebuild PE-header
4. find IAT and restore it:
- make ollydbg script for each envelope version
- restore emulated functions by hand
5. fix dump with restored import
6. for dll - restore relocs (edit .reloc section or use Relox)

I don't understand point no. 4:
4. find IAT and restore it:
- make ollydbg script for each envelope version
- restore emulated functions by hand
Can you explain in more detail?

How to find the IAT if the code is still obfuscated?
How to make an OllyDbg script for each envelope version?

Thanks

#18
11-08-2009, 09:40 PM
khoibt (Member)
Join Date: Nov 2009
Posts: 4

Quote:
Originally Posted by Tyrus
You must hide the debugger.
Use the Phant0m plugin.

Hi Tyrus, I'm a new member. Can you help me with tools and step-by-step instructions to load an empty HAPS dongle?
I have the tems 8.0.3 emulator but I want to load it to an empty HAPS dongle!