SilSaLaMaTa
June 18th, 2002, 10:22
hi
I tried to unpack Commview 3.1 (build 161) , I read the splaj tut on unpacking cv .
I'm using winxp pro . I found the OEP st 5b28a8. started rv and click on "Fetch IAT" . IT RVA = 1C9258 and len = 968 .
IAT resolver and then Resolve again . there were 10 unresolved modules . I choose one by one , right click on them and
choosed "Asprotect 1.2x emul" . then I press resolve again . after resolving threre were 3 unresolved .
at 5B1FAC : in sice -> U 5b1fac -> ...-> SizeOfResource
at 5B202C : in sice -> U 5b202c -> push ebp , .... -> a cmp and then a jump and ret
at 5B2060 : same as 5B202C .
so I tried Api Emulator . when I click on that RV stops responding and I have to close revirgin (and restart my comp
) .
I entred GetVersion for 5B202C and FreeResource for the next . then resolved again . I entred
IT rva = 230000 (my dumped file size = 2293760 and
last section = 22f000 , size = 1000) . then I clicked on generate and saved it.bin . in lord pe , add a section with .test
and load it.bin from the disk . then entry point to 1B28a8 and Import Table RVA = 230000 (size = 34EE) . then rebuild PE
with Validate PE only . I fixed the Size check in the file . I didn't find CRC checkin as splaj said .
when I tried to run cv , I get "Not Enough memory to run the program ...." .
Size of image is 234000 and file size = 2334EE . so what is the problem ?
(sorry for my english !)
I tried to unpack Commview 3.1 (build 161) , I read the splaj tut on unpacking cv .
I'm using winxp pro . I found the OEP st 5b28a8. started rv and click on "Fetch IAT" . IT RVA = 1C9258 and len = 968 .
IAT resolver and then Resolve again . there were 10 unresolved modules . I choose one by one , right click on them and
choosed "Asprotect 1.2x emul" . then I press resolve again . after resolving threre were 3 unresolved .
at 5B1FAC : in sice -> U 5b1fac -> ...-> SizeOfResource
at 5B202C : in sice -> U 5b202c -> push ebp , .... -> a cmp and then a jump and ret
at 5B2060 : same as 5B202C .
so I tried Api Emulator . when I click on that RV stops responding and I have to close revirgin (and restart my comp
) .I entred GetVersion for 5B202C and FreeResource for the next . then resolved again . I entred
IT rva = 230000 (my dumped file size = 2293760 and
last section = 22f000 , size = 1000) . then I clicked on generate and saved it.bin . in lord pe , add a section with .test
and load it.bin from the disk . then entry point to 1B28a8 and Import Table RVA = 230000 (size = 34EE) . then rebuild PE
with Validate PE only . I fixed the Size check in the file . I didn't find CRC checkin as splaj said .
when I tried to run cv , I get "Not Enough memory to run the program ...." .
Size of image is 234000 and file size = 2334EE . so what is the problem ?
(sorry for my english !)
