hi guys

is there a generic way to finde the OEP of packed softwares ??

please answer me
even if u have stupid idea

The easiest way is to get the packer/protector and use it on notepad.exe

then BPMB CS:Notepad_OEiP X

and the last packers code execution address is shown in the log window. U that and you see the 'signature bytes'. Usually a POPAD or POPFD with a ret or JMP OEIP.......

Then you find the same sequence in memory for your target.

(dont use G Notepad_OEiP, does not show the last execution)

Sorry SplAj, but i cant seem to use your trick... condemn me if i am wrong but the log window you refered to the command window as well where we typed our command? i tried bpm OEP on a few program but it doesnt show instruction address of the previous instruction...

I am win2k SP3 with DS 2.6? No icedump loaded... what is wrong?

Thanks
crUsAdEr

P.S : Kayaker, yep this is the thread i was thinking as missing, cos i thought i just saw it for a while, then i went to do something else then come back there were quite a few new threads that move on top and i thought the thread was delete... lesson learnt, should have always scrolled down!!! Sorry about that :>... thanks kayaker.

thanx body

i tried this command but it does not work
can u explain more in details , it would be better if tell one target
u already unpacked it with this way and how u found the OEP

Hi Crus:

Sure it does. Take a look at the log window. For ex. I tried bpmb ShowWindow x and when softice breaks, see in the low window something like this:

Breakd due to BPMB:ShowWindow DR3
MSR LastBreakFromIp = XXXXXXX
MSR LastBreakToIp = XXXXXXXX

It is the FromIP that is of interest BTW, how did you think, I found all those OEiP Sigs for OEPFinder

Signed,
-- FoxThree

Hmm,

what version of sice are you guys running? Is there any special setting for sice? I have tried various ways of bpm or bpmb for that matter... the only thing that appears on my log window is
Breakd due to BPMB:ShowWindow DR3

Yep, only ONE line above!!! Nothing else??? What is your config FoxThree?

cheers
crUsAdEr

Hi crUsAdEr,
Most probably you are using old softice.Try newer versions bpmb showwindow x

I do get the same result as crusader. I'm using the latest Softice (2.4.7). Is there any special settings that needs to be set?

hobgoblin

on DS4.2.7 (build 562), W2K, SP3.
Not working- Sice 4.0.5, W98.
Configuration files are installation default.
Neviens.

Hi All,
I'm using win98.Not sure of Winme or win2k.My sice is ds 2.6

Regards

You, guys, failed to read FUQ..

What processors you have?!....

>You, guys, failed to read FUQ..
>What processors you have?!....

FUP