
View Full Version : Problem unpacking UPX packed program


Khaosgott96
August 21st, 2005, 18:55
Hi. As you all know, I am new to reversing, so I'm not familiar with a lot of different types of protections. But anyhow, I was practicing the techniques that I know so far to try to reverse RegSupreme 1.3. PEiD says it's packed with UPX, so I tried to unpack it manually. After I rebuilt the imports with ImpREC, ImpREC said it was done successfully and the program ran, but immediately after it runs, the window of the program just freezes completely and you can't close it out or anything. Can anybody tell me why this could be happening?

Thanks.

NeO
August 22nd, 2005, 05:22
Try upx -d... maybe it's a crypted version of UPX... check it. There is another way: trace your dump in Olly... maybe it's a CRC check or something...


Bye, NeO

marciano
August 22nd, 2005, 23:23
Scan your dump file with the "KAnal" plugin for PEiD to look for CRC32 protection.
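
The following is an added example, not part of the original posts and not KAnal's own code: a small Python signature scan for the standard CRC-32 constants (the start of the reflected lookup table and the polynomial 0xEDB88320) in a dumped file. The function names and the sample buffer are constructed for illustration.

```python
import struct

CRC32_POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, PNG, Ethernet)

def crc32_table():
    """Build the standard 256-entry reflected CRC-32 lookup table."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ CRC32_POLY if c & 1 else c >> 1
        table.append(c)
    return table

def find_all(data, needle):
    """Return every offset at which needle occurs in data."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def scan_crc32(data):
    """Return {signature name: [file offsets]} for CRC-32 constants found."""
    signatures = {
        # First 8 table entries as little-endian dwords: distinctive enough.
        "crc32 table": struct.pack("<8I", *crc32_table()[:8]),
        # Bare polynomial: table-less or table-generating implementations.
        "crc32 polynomial": struct.pack("<I", CRC32_POLY),
    }
    report = {}
    for name, sig in signatures.items():
        hits = find_all(data, sig)
        if hits:
            report[name] = hits
    return report

def constructed_sample():
    """Constructed buffer: padding, a full CRC-32 table, then
    'xor ecx, 0xEDB88320' (81 F1 imm32) as in a bitwise CRC loop."""
    table = struct.pack("<256I", *crc32_table())
    code = b"\x81\xf1" + struct.pack("<I", CRC32_POLY)
    return b"\x90" * 64 + table + b"\x00" * 16 + code

if __name__ == "__main__":
    for name, offsets in scan_crc32(constructed_sample()).items():
        print(name, [hex(o) for o in offsets])
```

The polynomial is also entry 128 of the lookup table, so a polynomial hit inside a table hit is the same structure reported twice. A scan like this only recognises the standard constants and reports nothing for a custom hash.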

Knight
August 23rd, 2005, 00:05
And if it's a homemade hash, "kanal" won't help. And anyway, a CRC check shouldn't do such tricks (unless you patched the program too). Like NeO suggested, I would try at first to unpack it with upx or some other automatic unpacker (PEiD generic unpacker should work), and if the unpacked file works normally, then compare the working and non-working files to find out what's wrong.

Regards

Khaosgott96
August 23rd, 2005, 08:19
I tried the PEiD generic unpacker and it did the same thing as when I manually unpacked it, and it still locks up.

Admiral
August 23rd, 2005, 14:42
So why are you hiding information from us?
What happened when you (and I'm sure you did) fired up your dumped exe in Olly and used a trace here, a well-placed log-breakpoint there, and compared the results to those of the packed file?

The only way you're going to learn how to deal with new problems is to experiment with them. There is very little (along these lines) you can't solve using a decent ring3 debugger (OllyDbg is paradigm), so get your hands dirty and find out where the functional and the non-functional begin to differ.

Regards
Admiral

Hero
August 28th, 2005, 23:43
Hi,
It is strange, but I had the same problem with another program.
My program was packed by UPX too, but when I tried the PEiD generic unpacker, manual unpacking and "upx -d", all of them resulted in an application that seems to be an unpacked program (and really it is), but after running the program, it completely freezes (I need to use "End Task").
I found the result of that problem. That program was using a hash for an integrity check.
I think you should have the same problem. Look for integrity checking routines.
If the program is running and then it freezes, I think it is because of integrity checking.
In addition, you should not name the program you are working on.
This is against this site's rules.

Sincerely yours

Khaosgott96
August 28th, 2005, 23:56
Sorry about naming the target.

Anyways, thanks for the heads up on the integrity check. Hope that's what is causing it.

Thanks.