Jack
December 11th, 2000, 16:50
I am having some problems unpacking UPX. I am trying an older version, .84. Unpacking from the cmd line is not yet enabled in this old version. I am using Win2K / SI 4.05 / Proc Dump as my tools. My target is a lame vb6 exe I wrote //please don't flame me on vb
I get to the final jump to real code.
:00407DB4 61 popad
:00407DB5 E96A94FFFF jmp 00401224
I am doing the a eip / jmp eip and dump with procdump.
I modify my entry point in PE header of my dump file to reflect the correct entry point.
As soon as it fires up, it crashes on "can't read from memory location".
I've seen 1 or 2 other tuts on UPX but most of them were to make a patch in the packed file.
I believe my problem is in the PE Header, Import Table or the ProcDump options.
Could someone here who has unpacked a UPX file give me a clue on what I should focus on?
Thanks
Jack
