SvensK
November 29th, 2003, 07:39
Thought I'd whip up a few quick notes on how to unpack PCGuard v5.0.
1. Load PCGuard protected exe in PEiD (v0.91) and use the Generic OEP Finder to locate the OEP, write it down.
2. Load the exe in Olly.
3. Right-click the value in ECX and Follow in Dump.
4. Right-click the 01 at 7FFDF002 and fill with 00's.
5. Press Ctrl-G while still in the Dump window and fill in the OEP found in PEiD.
6. Right-click the first byte and Breakpoint Memory, on write.
7. Press Shift-F9 a few times until you break at the BP you just set.
8. Press F8 once and notice how the first byte in the dump changes to 55.
9. Remove the current BPM and set a new one on Breakpoint Hardware, on execution at the 55 (push ebp).
10. A few more Shift-F9's and you're at the OEP.
11. Dump with OllyDump plugin and make sure Rebuild Imports - Method 1 is selected.
12. That's it, enjoy.