Failed unpack
gbrooks3
June 13th, 2005, 09:21
Hopefully someone can help me out... and yes, I have searched, but could not really find a solution.
Trying to unpack an ASPack 2.12 Alexey Solodovnikov protected PE.
Using olly, I traced to the OEP, then I dumped using ollydump. Chose to repair the IT. Now, following all tuts on this, the program should be unpacked - which it was. However, it does not run. I get:
The application failed to initialize properly (0xc0000005). Click OK to terminate...
Not sure how to fix this... hopefully someone can help with this error.
Regards
fighter_81
June 13th, 2005, 09:25
Try to dump the file with LordPe, then open up Imprec, insert the OEP in the field and press IAT autosearch.
Select all invalid entries and delete these thunks.
Fix dump and let me know.
Fighter_81
gbrooks3
June 13th, 2005, 09:54
OK, well firstly thanks for your help, really appreciate it.
However, I did as you said:
1. Dumped exe with LordPe - saved automatically as .dll so I renamed it to exe.
2. Opened up Imprec
3. Changed the OEP to 0008C018 (which is correct)
4. "Get Imports"
5. Imprec said it found the IT correctly but told me another RVA and size to try if it didn't work. No thunks, valid or invalid?
6. Guess what... didn't work
7. Tried the other RVA and Size
8. Now there are loads of invalid thunks - deleted all invalid entries successfully
9. "Fix Dump"
10. Successfully saved dumped exe
However, now when running the exe I get an ominous nag:
dumped_.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Any thoughts...
fighter_81
June 13th, 2005, 10:09
Send me a PM and tell me the name of the prg.
I WILL download it and send you tomorrow a tut on how to unpack it.
Have you changed the EP to OEP in the header?
Don't think that I am fooling you. It is not my intention.
I am only suggesting what you could be doing wrong.
fighter_81
gbrooks3
June 13th, 2005, 10:42
PM sent
Yeah, the EP is set to the OEP

esther
June 13th, 2005, 11:18
imprec oep =00001000
gbrooks3
June 13th, 2005, 13:23
@esther
Thanks, but I tried that, IATs read successfully, deleted bad thunks then fixed dump... but same error
dumped_.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Thanks

gbrooks3
June 14th, 2005, 09:48
@fighter_81 or anyone else,
Any other suggestions?
After reading more posts I find that sometimes PEid mistakes Alexey's ASprotect for ASpack. Could this be the problem? I am really struggling with this. Thanks

seven
June 17th, 2005, 14:32
gbrooks3
June 18th, 2005, 06:54
Thank you, but I have tried procdump... could you elaborate a little?
seven
June 18th, 2005, 14:06
Quote:
could you elaborate a little?
sure -_a
hxxp://sevensea.50megs.com/procdee.rar
Admin plz :
inValid file extension : rar

JMI
June 18th, 2005, 14:11
Seven:
Your URL gives:
You do not have permission to access http://sevensea.50megs.com/procdee.rar
Data files must be stored on the same site they are linked from.
AND, you aren't attempting to post a "crack" of a commercial software on our Forum, are YOU??? The consequences of such an act would not be to your liking.
Regards,
seven
June 18th, 2005, 14:31
sorry guyz , i forgot 2 say uze d/m
getright ,flashget , any d/m proggy -_a
Quote:
you aren't attempting to post a "crack" of a commercial software on our Forum, are YOU???
mmmm nop coz i dont deal with illegal thingz

JMI
June 18th, 2005, 14:54
Just checking, since I couldn't open it before I asked.

The message is also for others who might be considering posting such things.
Regards,
DaGoN
June 18th, 2005, 17:19
I've unpacked it in 45 seconds.
Load target in olly. Press Ctrl+S and copy and paste this:
Code:
MOV EAX,1
RETN 0C
PUSH 0
Press ok and click on push 0. Press f4 and you will see your OEP.
0052C3BA 68 18C04800 PUSH crack2d.0048C018
Press f7 until retn and dump at 0048C018.
Load imprec and insert oep = 8C018. Press IAT Autosearch and Getimports. Fix.
It works.
DaGoN
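Added example, not part of any post in this thread: a header check for a dump that still crashes after the import fix, covering the two points raised above (is the header's entry point the OEP, and does the rebuilt import table sit inside a section). The function names are hypothetical, the sample header is constructed, and the image base 00400000 is an assumption derived from the VA 0048C018 and the RVA 8C018 quoted in the thread.

```python
import struct

def check_dump_header(data, oep_va):
    """Compare a dumped PE32 header with the OEP seen in the debugger."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                           # optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    import_rva = struct.unpack_from("<I", data, opt + 104)[0]  # directory 1
    import_section = None
    for i in range(n_sections):
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        if va <= import_rva < va + vsize:
            import_section = name.rstrip(b"\0").decode("ascii", "replace")
    return {
        "entry_rva": entry_rva,
        "expected_rva": oep_va - image_base,   # the import fixer takes the RVA
        "entry_ok": entry_rva == oep_va - image_base,
        "import_section": import_section,      # None: table outside every section
    }

def build_sample_header(entry_rva, import_rva):
    """Constructed two-section PE32 header; not taken from the thread's target."""
    def section(name, va, vsize):
        return struct.pack("<8sIIII12xI", name, vsize, va, vsize, va, 0xE0000020)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase (assumed)
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, import_rva, 0x200)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x10F)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + section(b".text", 0x1000, 0x12B000)
            + section(b".idata", 0x12C000, 0x3000))

if __name__ == "__main__":
    print(check_dump_header(build_sample_header(0x8C018, 0x12C000), 0x48C018))
    print(check_dump_header(build_sample_header(0x12C001, 0x200000), 0x48C018))
```

To check a real dump, pass the file's bytes (`open(path, "rb").read()`) and the OEP as a virtual address.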
Peres
June 19th, 2005, 03:34
I wonder if gbrooks has now gained the ability to unpack an aspack target on his own...
Is fighter81 going to post his tutorial for the public to read? It would be surely more interesting than reading the set of macro instructions he gave before.
Sincerely
Peres
gbrooks3
June 19th, 2005, 06:07
Quote:
[Originally Posted by DaGoN]I've unpacked it in 45 seconds.
Load target in olly. Press Ctrl+S and copy and paste this:
Code:
MOV EAX,1
RETN 0C
PUSH 0
Press ok and click on push 0. Press f4 and you will see your OEP.
0052C3BA 68 18C04800 PUSH crack2d.0048C018
Press f7 until retn and dump at 0048C018.
Load imprec and insert oep = 8C018. Press IAT Autosearch and Getimports. Fix.
It works.
DaGoN
Not working for me
I followed your instructions (although I had already identified that as the OEP)
Dumped with olly
Fixed IAT successfully
Program won't run - encountered a problem and needs to close yada yada yada...
Really appreciate your help on this though...

DaGoN
June 19th, 2005, 06:59
It is very strange... My copy is working fine.
Send me your dump with iat fixed. Use yousendit.com service and send me the link via pm.
Byez,
DaGoN
gbrooks3
June 19th, 2005, 07:09
PM sent, thanks for your help. Maybe it is my OS problem then...
The Old Pirate
June 19th, 2005, 07:28
Maybe try to use UnAspack or Stripper to unpack it properly and find out if it's your fault or your system's fault :P
fighter_81
June 20th, 2005, 00:29
Next week I will post it for whoever wants to read it.
I cannot post now because I have three exams in a week so I have to study a lot.
Regards to all and see you next week.
Fighter_81