Manual unpacking Virogen Crypt v0.75 question


akimp3
06-13-2004, 05:14 PM
Hi

I have read the hacnho Manual unpacking Virogen Crypt v0.75 tutorial
it works great on his crack me, but on my target i can not find the pattern
jnz xxxxxxxxx
mov eax,1
retn 0c
push xxxxxxx
retn
Is there anyone who has worked on this and could help me?

Thanks

akimp3

TQN
06-14-2004, 09:07 AM
Yes, the tutorial of hacnho is not correct. It works only on his machine... I have unpacked Virogen Crypt v0.7 in the past. It is easy to unpack. As I remember, you can use the bp GetProcAddress in OllyDbg, F12 to run until return. Scroll down until you find some jmp/je/jne. Bp them and one of them will be a jump to OEP.
Regards

akimp3
06-14-2004, 11:50 AM
Hi
Thank you for your quick reply.
I have added a breakpoint on GetProcAddress in kernel32.
Then I clicked F9 to run.
It breaks in GetProcAddress.
I clicked Execute till return (Ctrl+F9, not F12 as you told).
It goes to the return at the end of GetProcAddress in kernel32.
You told me to scroll and find the jump. I am still in kernel32; should
I put a breakpoint in there, or did I misunderstand?
Please give me some advice.

Thanks

akimp3

sTfN0X
06-14-2004, 12:37 PM
As stated before, unpacking Virogen Crypt is quite easy. Just put a bp on GetProcAddress and press F9. When Olly breaks, clear the bp. Then press CTRL+F9, then F8 once and you will be out of Kernel32. After that scroll down till you see a RET (2 lines after a RET 0C). Put a bp on the RET, F9 to run and break on the RET. Then F8 once and you're at the OEP.
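
As an added example (not from any of the posters, and not part of the original thread), here is a small Python scanner that looks in a raw dump of the unpacked image for the transfer-to-OEP stub akimp3 quotes in the first post (mov eax,1 / retn 0C / push OEP / retn), and also for the looser form sTfN0X describes (a RET two lines after a RET 0C). It relies on the standard x86 encodings of those instructions; the image base, image size and the assumption that the dump is a flat memory image are supplied by the caller, and the sample byte strings are constructed. When the stub is absent it simply returns an empty list, which is the situation akimp3 describes later in the thread.

```python
import re
import sys
from typing import List, Optional, Tuple

# Standard x86 encodings (assumption, see lead-in):
#   mov eax,1      B8 01 00 00 00
#   retn 0C        C2 0C 00
#   push imm32     68 xx xx xx xx
#   retn           C3
# The "mov eax,1" prefix is optional so that the looser
# "RET 0C ... push ... RET" form is matched as well.
STUB_RE = re.compile(
    rb"(?:\xB8\x01\x00\x00\x00)?"  # mov eax,1 (optional)
    rb"\xC2\x0C\x00"               # retn 0C
    rb"\x68(.{4})"                 # push <candidate OEP>, little-endian imm32
    rb"\xC3",                      # retn
    re.DOTALL,
)


def find_oep_stubs(
    image: bytes,
    image_base: int = 0,
    image_size: Optional[int] = None,
) -> List[Tuple[int, int, bool]]:
    """Scan a flat memory dump for the OEP-transfer stub.

    Returns (address_of_stub, pushed_address, has_mov_eax_1) per hit.
    Offsets are converted to virtual addresses by adding image_base,
    which assumes the dump starts at the image base with no gaps.
    If image_size is given, pushed addresses outside the image are
    dropped as false positives (a real OEP lies inside the image).
    """
    hits = []
    for m in STUB_RE.finditer(image):
        oep = int.from_bytes(m.group(1), "little")
        if image_size is not None and not (image_base <= oep < image_base + image_size):
            continue
        has_mov = m.group(0).startswith(b"\xB8")
        hits.append((image_base + m.start(), oep, has_mov))
    return hits


# Constructed sample: 8 NOPs, a short jnz, then the full stub pushing 0x401000.
SAMPLE_IMAGE = (
    b"\x90" * 8
    + b"\x75\x10"                   # jnz +0x10 (constructed filler)
    + b"\xB8\x01\x00\x00\x00"       # mov eax,1
    + b"\xC2\x0C\x00"               # retn 0C
    + b"\x68\x00\x10\x40\x00"       # push 0x00401000
    + b"\xC3"                       # retn
    + b"\xCC" * 4
)

# Constructed sample with a RET 0C that is not followed by push/retn: no stub.
NO_STUB_IMAGE = b"\x90" * 16 + b"\xC2\x0C\x00" + b"\x90" * 4

# Constructed sample whose pushed value lies outside the image: filtered when
# image_size is supplied, reported otherwise.
OUT_OF_RANGE_IMAGE = b"\xC2\x0C\x00\x68\xEF\xBE\xAD\xDE\xC3"


def main() -> None:
    # Usage: python oep_stub_scan.py <dump.bin> [image_base_hex] [image_size_hex]
    data = open(sys.argv[1], "rb").read()
    base = int(sys.argv[2], 16) if len(sys.argv) > 2 else 0
    size = int(sys.argv[3], 16) if len(sys.argv) > 3 else None
    hits = find_oep_stubs(data, base, size)
    if not hits:
        print("no retn 0C / push / retn stub found in this image")
    for addr, oep, has_mov in hits:
        form = "mov eax,1 + retn 0C" if has_mov else "retn 0C only"
        print(f"stub at {addr:08X} ({form}) pushes candidate OEP {oep:08X}")


if __name__ == "__main__":
    main()
```

The scanner is only a shortcut for the "scroll down till you see a RET" step: it tells you where to place the breakpoint, but the pushed value still has to be confirmed in the debugger, and, as akimp3's follow-up shows, a build of the crypter without the RET 0C form yields no hits at all.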

akimp3
06-15-2004, 02:49 AM
Hi
Thank you for your good reply.
I have done all the steps, but after the F8, when I come out of kernel32.dll
in the main exe, I am on a ret command. I scrolled down to find the ret 2 lines after ret 0c, but there is no ret 0c in this exe at all. I have scrolled to the end,
but I have not found any ret 0c.
Could you please give me some advice?
Thanks

akimp3

sTfN0X
06-15-2004, 04:41 AM
Well, there's also another solution. A bit more complicated though, PM and I'll take a look at it.

Regards,

sTfN0X