at title

can you help me~~

thanks~~


h**p://202.105.90.205/wsock32.zip

Hello kernel5 !

Do you think this is a hotline?

This board is used to help people who're stuck somewhere and solve problems together.

If you just say "can you help me", you can't await any help from anybody.

Please specify your problems:

Do you know what a DLL is?
Do you know what a packer is?
Do you know what assembler is?
Do you know what a dump is?
Do you know what an IAT is?
Do you know what an OEP is?
Do you know what SoftICE is?

If you don't tell us how far you are, nobody can give you a specified answer.

You could also use the search function, both here on the board and Google. You will find answers here if you plan to learn how to unpack files or automatic unpackers with Google if you just want to have a file unpacked.

So, first learn to search, then learn to ask.

1. Why this thread is NOT moved to NEWBIES FORUM?

2. CRC32 error, can't extract file.
Unknow CHINESE zip compression!?

Oh , Sorry~

I Post here First time . I don't know the rules~

I can't search unpack Aspack 2.12 for Dll File in Web, then ask in here.


Btw: Excuse for my poor English~

hi kernel5,

I understand like you said your english is poor, well i am no English speaker either.. but you must know baisc communication... you want help, sure... but read Dakien Post... do you understand what he is saying???

He says that you need to tell us more on what you are doing? Where you are stuck then we will surely help.
You can NOT simply post a link there and go, "hey dudes, unpack this damn thing for me"...

If your English is poor, use a dictionary to translate what people are saying.. like i used to do long time ago...

anyway, isnt winsock some kind of freeware by microsoft? why is this packed with asPack?

all the best...

Hello evaluator !

I forgot to move the thread, I don't know why, maybe I overlooked it.

I also get a CRC error. The file seems to be 155 bytes too short, the export table is completely missing, the import table is damaged and the code at the DLL's entry point is somehow corrupted. I can't tell if it's packed by ASPack 2.12, because I'm unsure if the code at the entry point belongs to the file.

DaKien, I think the evaluator means CRC error in unzipping the file, i also couldnt unzip the file... unknown zip compression..

You manage to unzip it? what program did you use?

Hello binh81 !

I got the CRC error when unzipping it, but I was able to catch the output file before it was deleted because of the CRC error.
No unknown ZIP compression, just a CRC error.

original file name- JyWorker.DLL
packed with Aspack2.12

Normal wsock32.dll is 40kb (not packed).
This "wsock32.dll" very can by virus!

//202.105.90.205
is chinese page. Who can read?

Hello DakienDX, evaluator , binh81!

This Wsock32.dll is One Online game Plugins Cheat Tool.
It Hook old Wsock32.dll , not virus~~

Maybe Upload Web Server, Zip File is Bad.

So Sorry,

tomorrow , I upload this Dll File to New Web. Please Wait~~~

Thx~~

Now, i Upload New file to

h**p://member.netease.com/~ck/wsock32.dll


Thx~~

Bad server!
Try another..

Hi evaluator !

It's no bad server for me. It works fine right now.


Hello kernel5 !

Unpacking the DLL is not very hard. Just .text, .data and .reloc are packed.
Load the DLL, trace it some bytes and set a BPX to the jump address of the first JNE you find. Run it and trace some more bytes until the Push OEP; Ret and dump the process. Take the .rdata from the packed file and insert it into the dump. Fix the OEP (you've seen it), the IAT (find the structure) and the Fixups (set it to first byte of .reloc).

Then you've a fully working unpacked copy.

0,70 kb/sec
yet not dlded!

Hello evaluator !

I've 15kb/s. No, I'm not living in China.
Do you want to have it as E-Mail attachment?

Finally i DLDed (&unp).
What then?
kernel5, want you , i give you unpacked))))

Hi, evaluator

Can you Mail to me ??

kernels@yeah.net Or kernel5@msn.com

I Want to study Unpack to DLL Files~

You can write Tutorials ?

Thx~

What debugger you have?

TRW 1.23 or S-ICE ~ .. Maybe Ollydbg


Let you Try~~

What version of SICE?

NuMega SoftICE Driver Suite V.2.6 For Win98

Ollydbg 1.06

Have problem?

What is exact version of WINICE?

For this open debugger window & tape: ver

I Use Softice (R) - Driverstudio (tm) 2.6.0 (Build 336)

Softice 4.2.5 (For Win95/Win98)

Last 2 questions:

1. So you can't use ICEDUMP with your WINICE?
2. You ask about DLL unpacking. This mean you can unpack EXE?

I can Unpack Exe , Use Aspackdie12. But aspackdie12 Can't Unpack Dll File~

What Version S-ice can Use ICEDUMP ?? I can find any version S-ice..

Thx~

Hello kernel5 !

I think evaluator wanted to know if you can unpack ASPack files manually.
The main thing is not how to get any SoftICE version, but how to work with SoftICE. ICEDump is for dumping the unpacked DLL, but you can also use any other dumper, like ProcDump.

I've already written a short explanation of how to unpack ASPacked DLLs earlier in this thread.
If you've not understand it then your main problem is not how to unpack a DLL, but how to unpack generally.

You can solve this by reading some tutorials on ASM and learning how to use a debugger.

So, before I write for you tutorial in DLLunpacking,
do this:
Change in HEXeditor byte at addres FF:
21 -> 01
then rename DLL to EXE & then use YOUR aspackdie12!

Then I mail you...

First, Thanks to DakienDX and evaluator.

To: evaluator

Why Change Dll File addres FF: 21 -> 01 ???

I See Exe File Addres FF is 01 .


To: DakienDX

You explanation i See , But I Can't BPX Dll File in S-ICE~


Thank to your .

kernel5!

Your english is very small!
I sent to you mail

------------------
TerminateThread

Your english is too big!
cya
exit call process