
MUP bpx int3 - all done - - can't find real OEP


Dr.Bizar
January 12th, 2004, 12:40
Hi all, I'm a newb to all this MUP business - but gotta start somewhere, right?
Really hope someone is able to help.

My target: h***://***.opm-2.c**

What i did so far:
1) I found the OEP using ProcDump PEditor - 0023fc01
2) I replaced the byte at the OEP with CC (int3)
Now SI breaks on bpint 3

Next I changed the bytes back to the originals and tried to step through the code,
and as expected there's a call to the unpacking routine, and this is followed by a jump to the real OEP - I guess.

My problem: SI won't break after the call executes - the program just launches. How do I find the real OEP?

Thanks in advance

Kind Regards Dr.Bizar
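
As an added example (not from Dr.Bizar's post and not taken from his target), the following Python script does steps 1 and 2 of the procedure above on a constructed minimal PE32 image: it reads AddressOfEntryPoint and ImageBase from the optional header, translates the entry-point RVA into the virtual address a PE editor or SoftICE would show and into the file offset where that byte lives on disk, writes 0xCC there, and later puts the saved opcode back. The sample image, its single .text section, and the stub bytes are made up for this example, and the function names are mine.

```python
import struct

# Constructed sample: a tiny PE32 with one .text section whose entry point is
# a stub (push ebp / mov ebp,esp / call +0 / ret). These bytes are made up for
# the example; they are not from the thread's target.
SAMPLE_CODE = b"\x55\x8b\xec\xe8\x00\x00\x00\x00\xc3"


def build_min_pe(image_base=0x00400000, entry_rva=0x1000, raw_offset=0x200,
                 code=SAMPLE_CODE):
    """Assemble a minimal PE32 image in memory: DOS header, PE signature,
    COFF header, optional header, one section header, raw section data."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH",
                       0x14C,      # Machine: i386
                       1,          # NumberOfSections
                       0, 0, 0,    # timestamp, symbol table ptr, symbol count
                       224,        # SizeOfOptionalHeader (PE32)
                       0x0102)     # Characteristics: executable, 32-bit
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, image_base)        # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)            # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)             # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000)            # SizeOfImage
    struct.pack_into("<I", opt, 60, raw_offset)        # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI",
                       b".text", len(code), entry_rva, 0x200, raw_offset,
                       0, 0, 0, 0, 0x60000020)         # CODE | EXECUTE | READ
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image = bytearray(headers.ljust(raw_offset, b"\0"))
    image += code.ljust(0x200, b"\0")                 # one file-aligned page of code
    return bytes(image)


def entry_point_info(pe):
    """Locate AddressOfEntryPoint the way a PE editor does and translate the
    RVA into the virtual address the debugger shows (ImageBase + RVA) and the
    file offset of that byte (section PointerToRawData + offset into section)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)
    image_base, = struct.unpack_from("<I", pe, opt + 28)
    table = opt + opt_size                             # section table follows the optional header
    for i in range(nsections):
        s = table + 40 * i
        name = pe[s:s + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, s + 8)
        if va <= entry_rva < va + max(vsize, raw_size):
            return {
                "section": name,
                "entry_rva": entry_rva,
                "entry_va": image_base + entry_rva,
                "file_offset": raw_ptr + (entry_rva - va),
            }
    raise ValueError("entry point RVA lies outside every section")


def plant_int3(pe, file_offset):
    """Return (patched image, saved byte): the opcode at the entry point is
    replaced with 0xCC so the first instruction executed is an int3."""
    patched = bytearray(pe)
    saved = patched[file_offset]
    patched[file_offset] = 0xCC
    return bytes(patched), saved


def restore_byte(pe, file_offset, saved):
    """Put the original opcode back (the 'changed the bytes back' step)."""
    restored = bytearray(pe)
    restored[file_offset] = saved
    return bytes(restored)


if __name__ == "__main__":
    sample = build_min_pe()
    info = entry_point_info(sample)
    print("entry in %s: RVA %08x  VA %08x  file offset %08x"
          % (info["section"], info["entry_rva"], info["entry_va"], info["file_offset"]))
    patched, saved = plant_int3(sample, info["file_offset"])
    print("saved %02x, wrote CC" % saved)
    assert restore_byte(patched, info["file_offset"], saved) == sample
```

The value read from AddressOfEntryPoint of a packed program is the packer stub's entry, not the real OEP the thread is after: an int3 planted there only stops at the start of the unpacking code, which still has to be traced to its jump into the original program.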

dELTA
January 13th, 2004, 08:13
Why do you expect SI to break after the OEP call in the first place? Have you put some kind of breakpoint there, or what?

JMI
January 14th, 2004, 01:11
It was a matter of "will." He wanted it to break "there" so he "expected" it to do so.

Regards,

infinity+
January 19th, 2004, 18:10
Why do you need to jump to the OEP if you know what it is?

Fake51
January 19th, 2004, 18:24
Quote:
[Originally Posted by JMI]It was a matter of "will." He wanted it to break "there" so he "expected" it to do so.

Regards,


Read the post, guys. He states that he located an unpacking routine, and after that a jump to the real OEP. Legend has it that SICE has the capability to step over calls. What the young lad is mistaken about is one of two things:
1) SoftICE doesn't always behave well - some versions with some OSs are NOT able to step over calls.
2) the REAL jump to the REAL OEP might be located inside the unpacking function - and not after the call. Thus trying to step over the call would lead to the execution of the app.

Hmmmm... long time since I last found myself telling others to go easy on newbies. Odds are I misunderstood something - apologies up front.

Fake