Log in

View Full Version : ASPacked notepad: manually unpack problem


NoSleep
August 30th, 2002, 12:05
Hello,

I want to manually unpack notepad, i know this is newbie question so i used NotePad for target.

I have problems finding OEP for notepad .

I know that OEP for notepad is 6420 but when i packed it with ASPack, OEP is 10001.
So I want to find OEP for Notepad in packed version.
I tried LordPE function break&enter and with SoftIce i am lost in code.

Would you suggest me first step for unpacking notepad ?

Thanx in advance.

OS: WIN 2000Pro
Packer: ASPack 2.12
Debuger:SoftIce 4.05.334

nikolatesla20
August 30th, 2002, 14:48
Hmm Why is this whole OEP question like a bad virus on the board lately? Do some searching, you will get answers on how to find OEP.


Every windows program gets its own memory space, so the original OEP is ALWAYS the OEP. If you know what the OEP is on the orginal file, it will be the same in the unpacked file. That can't be changed, or the program would not run right (without relocations anyway).

So look at IMAGE_BASE + ENTRY POINT in memory to find OEP. If imagebase is 00400000 and entry point is 5000 then OEP is 00405000.

-nt20

egg
August 30th, 2002, 16:26
Quote:
Originally posted by nikolatesla20
Hmm Why is this whole OEP question like a bad virus on the board lately? Do some searching, you will get answers on how to find OEP.

I guess some people just want the treasure without the hunt
(don't invite such people over at Easter time)