Unpacking Neolite 2 (exe, dll)


Panemuckl
June 26th, 2004, 04:48
Hi!

Since it's my first post I'd like to tell you that I've used the search function,
studied the FAQ and read tutorials, so there's no need to flame me right now.

I need some advice on unpacking Neolite 2. To practise, I tried to
decompress Neolite itself. Guess what, I already managed to unpack
neolite.exe without any trouble...

Next, I was working on pecomp.dll, also provided and packed with Neolite.
I changed the Characteristics ( [ PE_header_start + 22 bytes ] --> [value]-0x200h ),
as described somewhere. So I was able to dump it using OllyDbg.

My question
But how do I rebuild a dump (of an unpacked DLL file)? How do I rebuild the
imports? While unpacking Neolite.exe, I used ImpRec to rebuild the dump.
As a library cannot be executed directly, I ran it through Neolite and picked
up the DLL (ImpRec). But the OEP seems to be incorrect and no IAT is found.

Any help, any explanation?

BTW OllyDbg tells me that the OEP of the DLL is 0040C638.
[image removed]

MaRKuS-DJM
June 26th, 2004, 05:58
As I see on the pic, you didn't insert the OEP...
0040C638 means insert C638. But I wonder... normally DLLs don't have an imagebase of 400000.

num
June 26th, 2004, 20:01
Hi all! I used LordPE for dumping Neoxxx.dll. OllyDump does not dump my DLL correctly. You see the ImageBase of this DLL in OllyDbg, then change it in the LordPE editor and also change the OEP. I find the OEP in a DLL with the following method: go to expression: address of the "code" section of the DLL. Then search for the command JMP EAX, set a hardware breakpoint on execution (HBPX) and run. Sorry for my English!

Panemuckl
June 27th, 2004, 07:40
The entry point of the DLL (after JMP EAX) was 0035C638, so I dumped it
using LordPE as you told me. After fixing the OEP (C638) and ImageBase
(00350000) it works just fine!

Thanks a lot!

-topic closed-

After unpacking ASPack I'd like to unscramble some SVKP "protected" exe.
Unfortunately, Ricardo's site (tutorial) is gone. Does anyone have a copy?

My target: Powermule.exe, a spyware/trojan infected eMule client.
I just managed step 1 of SVKP unpacking by removing the anti-debug shit.
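The header fix that num describes and Panemuckl confirms (OEP to C638, ImageBase to 00350000) is a matter of overwriting three fields in the dumped file's PE header: AddressOfEntryPoint and ImageBase in the optional header, and, for the "load the DLL as an exe" trick from the first post, the IMAGE_FILE_DLL bit (0x2000) in the COFF Characteristics word, which sits at PE_header_start + 22. The script below is an added example written for this thread, not a tool from the posts; it builds a constructed PE32 header stub (no sections, no real code) so it runs offline, and the entry/base values are the ones quoted in the thread. Note that the debugger shows the OEP as a virtual address (0035C638) while the header stores an RVA, so the value written is VA minus ImageBase, which is why "insert C638" is right.

```python
"""Patch OEP, ImageBase and the DLL flag in a dumped PE header (added example)."""
import struct

IMAGE_FILE_DLL = 0x2000          # Characteristics bit: file is a DLL
PE32_MAGIC = 0x10B               # optional-header magic for 32-bit images
PE32PLUS_MAGIC = 0x20B           # optional-header magic for 64-bit images


def _nt_header_offset(data):
    """Return the file offset of the 'PE\\0\\0' signature via e_lfanew."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[off:off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return off


def _layout(data):
    """Offsets of Characteristics, AddressOfEntryPoint and ImageBase."""
    pe = _nt_header_offset(data)
    characteristics_off = pe + 22            # 4 (sig) + 18 into COFF header
    opt = pe + 24                            # optional header follows COFF
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        return characteristics_off, opt + 16, (opt + 28, "<I")
    if magic == PE32PLUS_MAGIC:
        return characteristics_off, opt + 16, (opt + 24, "<Q")
    raise ValueError("unknown optional header magic 0x%x" % magic)


def read_header(data):
    """Read the fields a dump fixer cares about."""
    ch_off, ep_off, (ib_off, ib_fmt) = _layout(data)
    ch = struct.unpack_from("<H", data, ch_off)[0]
    return {
        "characteristics": ch,
        "is_dll": bool(ch & IMAGE_FILE_DLL),
        "entry_rva": struct.unpack_from("<I", data, ep_off)[0],
        "image_base": struct.unpack_from(ib_fmt, data, ib_off)[0],
    }


def fix_dump(data, oep_va, image_base, mark_as_dll=True):
    """Rewrite entry point (given as a VA), ImageBase and the DLL bit.

    The dump was taken with the module loaded at image_base, so that is the
    base the relocated code expects; the header must say the same.
    """
    if oep_va < image_base:
        raise ValueError("OEP VA lies below the image base")
    buf = bytearray(data)
    ch_off, ep_off, (ib_off, ib_fmt) = _layout(buf)
    struct.pack_into("<I", buf, ep_off, oep_va - image_base)   # store an RVA
    struct.pack_into(ib_fmt, buf, ib_off, image_base)
    ch = struct.unpack_from("<H", buf, ch_off)[0]
    ch = (ch | IMAGE_FILE_DLL) if mark_as_dll else (ch & ~IMAGE_FILE_DLL)
    struct.pack_into("<H", buf, ch_off, ch & 0xFFFF)
    return bytes(buf)


def build_sample_dll_header():
    """Constructed PE32 header stub standing in for a packed DLL (no sections)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    # COFF: Machine=i386, 1 section, SizeOfOptionalHeader=0xE0,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1A000)                   # packer stub entry
    struct.pack_into("<I", opt, 28, 0x00400000)                # preferred base
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_dll_header()
    print("before:", read_header(sample))
    fixed = fix_dump(sample, 0x0035C638, 0x00350000)           # values from the thread
    print("after: ", read_header(fixed))
```

To use it on a real dump, read the file into `data`, call `fix_dump(data, oep_va, image_base)` with the values OllyDbg showed at the JMP EAX target, and write the result back; pass `mark_as_dll=False` on the still-packed file if you want a debugger to load it as an executable, and set it back to `True` on the final dump so the loader treats it as a library again. The script only touches header fields; the import table still has to be rebuilt with ImpRec as the thread describes.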