raven58
February 14th, 2001, 13:59
Working on a crackme. Get type says this is a DOS executable file packed with ASPACK 1.082. After unpacking and saving the file using procdump, WDASM states that "PE file not in standard windows format- no string references". Should this crackme have been unpacked using a dos unpacker? Is there a way to see the string references in wdasm?
Thanks
goatass
February 14th, 2001, 18:19
No there is no need to unpack it with a DOS unpacker, your problem is that the RVAs of the sections in the PE header are wrong, the reason why you are not seeing any strings is because your PE header is not pointing to the correct RVA of the RSRC section. You need to read some more about the PE header and some more tuts on unpacking.
goatass
Powered by vBulletin® Version 4.2.2 Copyright © 2020 vBulletin Solutions, Inc. All rights reserved.