Can we unpack with ollydbg?
Anonymous
February 8th, 2003, 15:19
Can we unpack with ollydbg?
I'm a newbie in unpacking: with SoftICE it's OK. Help me please, how do I proceed?
Norb
February 9th, 2003, 07:30
Yes you can unpack with ollydbg. No you can't unpack most protection schemes, as it's an app debugger, not a system debugger. So you can't unpack ASProtect for example.
Ricardo Narvaja
February 9th, 2003, 08:07
I unpack ASProtect with OllyDbg, dump and reconstruct the table with Revirgin in the same way I unpack with SoftICE.
SoftICE to unpack ASProtect:
Go to entry point (OEP)
Dump with ICEDUMP
Repair with PEEDITOR
Reconstruct with Revirgin
OllyDbg to unpack ASProtect:
Go to entry point
Dump with Memory dumper
Repair with PEEDITOR
Reconstruct with Revirgin
The same unpacking you can do with SoftICE you can do with Olly. The exception is PELock, but this packer does not RUN in Olly 1.08 because of a problem with the SAL instruction; for the other packers it is the same thing.
Ricardo Narvaja
Norb
February 9th, 2003, 09:43
but how do you find the entry point using Ollydbg?
Anonymous
February 9th, 2003, 15:36
thanks ricnar456.
but how do you find the entry point using Ollydbg?
With SoftICE: Symbol Loader will do the trick and breaks on the entry point, and we trace until we find something like

opad...signatures then OEP
appears, and then with ProcDump we fix the OEP + dump + rebuild with Revirgin.
That's all. So please can you explain all that to us with a tut in the forum or attach it to: yano65@hotmail.com
I will be so grateful, thanks.
Ricardo Narvaja
February 9th, 2003, 16:26
For any packer, go to SET CONDITION and put EIP between the low and the high value of the first section, and TRACE INTO; it is slow but stops at the EIP.
For ASProtect this is not possible because of the exceptions; the method is:
In DEBUGGER-EXCEPTIONS only the first box is checked.
Go with RUN and copy the positions of the exceptions; when it stops at one, SHIFT + F7 and RUN again. Copy these exception positions one by one; there is one last exception after the program start.
Copy this last exception on paper.
Restart, repeat and go to this last exception, SHIFT + F7, do NOT RUN (if you run, the program starts), and go to VIEW-MEMORY and in the first section put a BPM on access; RUN again and it stops at the entry point. Remove the BPM and dump with the memory dumper, and the process is similar to SoftICE.
Ricardo
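The trace condition in the post above needs the low and high addresses of the first section. As an added example (not part of the original thread), this Python sketch reads those bounds from the PE headers; the header bytes and the `.stub` section name are constructed, and it assumes a PE32 image mapped at its preferred ImageBase.

```python
import struct

def first_section_range(pe: bytes):
    """Return (name, low, high, entry_va) from PE32 headers.

    low/high are the bounds for an "EIP inside first section" trace condition.
    Assumes the image is mapped at its preferred ImageBase (no relocation).
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    if nsections == 0:
        raise ValueError("no sections")
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)
    image_base, = struct.unpack_from("<I", pe, opt + 28)
    # Section table follows the optional header; entry 0 is the first section.
    name, vsize, vaddr = struct.unpack_from("<8sII", pe, opt + opt_size)
    low = image_base + vaddr
    return (name.rstrip(b"\0").decode("ascii", "replace"),
            low, low + vsize, image_base + entry_rva)

def in_first_section(pe: bytes, eip: int) -> bool:
    """The predicate the trace condition expresses: low <= EIP < high."""
    _, low, high, _ = first_section_range(pe)
    return low <= eip < high

def build_sample() -> bytes:
    """Constructed headers: two sections, entry point in the second (stub) one."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x9000)      # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    def sec(name, vsize, vaddr):
        return struct.pack("<8sII", name, vsize, vaddr) + b"\0" * 24
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x8000, 0x1000) + sec(b".stub", 0x2000, 0x9000))

if __name__ == "__main__":
    name, low, high, entry = first_section_range(build_sample())
    print(f"{name}: {low:#x}-{high:#x}, entry {entry:#x}")
```

In the constructed sample the header entry point lies outside the first section, which is the situation the condition is waiting to leave.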
Ricardo Narvaja
February 9th, 2003, 19:18
I have many tutes on unpacking ASProtect 1.23 with Olly, with programs and examples, but these are in Spanish, and you don't understand this and I don't speak English; the translation is very difficult for me.
Ricardo Narvaja
Squidge
February 10th, 2003, 01:57
If you can email me one of the documents, I will attempt to translate it into English and post it to this group.
paulc@ibiblio.org
Anonymous
February 10th, 2003, 10:06
Ricnar you can help yourself with English-Spanish Interpreter Pro from Word Magic Software. I manage to translate some of Karpoff tuts about that.
The_Philosopher
Anonymous
February 10th, 2003, 13:43
Thanks a lot ricnar456 for all!
In fact I speak Spanish good. NOT VERY GOOD!!
But the idea suggested by Squidge seems to be very good (thanks Squidge),
so once translated into English everyone here in the forum can understand easily. Thanks ++.
I begin to "love" OllyDbg. I think SoftICE is no longer the only debugger in matter of cracking. Bye
Ricardo Narvaja
February 10th, 2003, 15:27
If you want my tutes, they are here:
http://www.hackemate.com.ar/cracking/cursos/ccr.rar
It is in Spanish and has 36 lessons of theory, and 36 challenges with various levels and the solutions of all, and the programs and crackmes for practice; the complete zip is 30 megas in all.
Ricardo
Squidge
February 11th, 2003, 07:16
Can you split it up? I only manage to get about 400kb, then it disconnects me.

Ricardo Narvaja
February 11th, 2003, 10:28
It is not my page, it is the page of PROF X.
Ricardo
Anonymous
February 12th, 2003, 07:34
Use some d/l manager. It works ok then and speed is not under 5.5KB/s.
The_Philosopher
HackeR MaN
February 13th, 2003, 00:45
There is a nice website that can translate different languages:
http://freetranslation.com/
ricnar456
http://www.hackemate.com.ar/cracking/cursos/ccr.rar
The website has a very poor connection, so I can't download it because it cuts off,
but thanks for your tuts.

Ricardo Narvaja
February 13th, 2003, 11:11
Here there are mirrors:
First address: http://www.hackemate.com.ar/cracking/
Second address: http://www.crackmanworld.com/~cracking/
Third address: http://www.unmanarc.com/cracking/
Ricardo Narvaja
Anonymous
February 13th, 2003, 16:12
Thanks ricnar456 for your tuts and your efforts thanks++++again
psyCK0
February 13th, 2003, 17:24
I just wish I knew Spanish... Those essays seem really well done :/