NeO
February 12th, 2001, 17:09
For Kayaker or evenone with ideas!
So i have one another Pecryp 1.02 the problem is not normal !If you opened it with Peedit you get .ficken in every section!In normal Pecrpy it's only in the last one!So i you use PeCrpy unapcker it opens it and at the he gets an eRROR!SO i have to unpack it manually!
[imagebase] 400000 ,OEP is 401000 , after /tracex command i used /pedump 400000 1000 D:\kl.exe!
And he says 400000 is not original Pehead!
Where should i find it???
If i use /dump 400000 1000 D:\kl.exe! it dumps it but the problem is that there is no Pehead so no MZ!!
You can convert a /DUMP [imagebase] [length of file] to a working PE as well afterwards using Procdump, PEditor or some other util. Assuming of course the packer hasn't pulled some other trick such as corrupting the Import table or the PE Header
Kayaker did you mean you the bhrama server!If i use bhrama server on Pecrpty 1.02 I get shut down off Loader!!
Thanks for helpinG!!
NeO
So i have one another Pecryp 1.02 the problem is not normal !If you opened it with Peedit you get .ficken in every section!In normal Pecrpy it's only in the last one!So i you use PeCrpy unapcker it opens it and at the he gets an eRROR!SO i have to unpack it manually!
[imagebase] 400000 ,OEP is 401000 , after /tracex command i used /pedump 400000 1000 D:\kl.exe!
And he says 400000 is not original Pehead!
Where should i find it???
If i use /dump 400000 1000 D:\kl.exe! it dumps it but the problem is that there is no Pehead so no MZ!!
You can convert a /DUMP [imagebase] [length of file] to a working PE as well afterwards using Procdump, PEditor or some other util. Assuming of course the packer hasn't pulled some other trick such as corrupting the Import table or the PE Header
Kayaker did you mean you the bhrama server!If i use bhrama server on Pecrpty 1.02 I get shut down off Loader!!
Thanks for helpinG!!
NeO