y2k3
January 26th, 2005, 23:28
Hi Are There Any ollyscript or any tutorial, any unpacker for morphine 2.7 and other versions?
Thanks...
Thanks...
View Full Version : Morphine 2.7 Unpacker?
hosiminh
January 27th, 2005, 02:02
PeID plugin:
_http://go.to/Hairy_Bits
_http://go.to/Hairy_Bits
y2k3
January 27th, 2005, 16:32
There is Morphine 2.7 gui but it is not working on my computer. How can i unpack :\
hosiminh, for your message, thanks...
But i want packer(s) for morphine 2.x versions.
Note : i wouldn't find any morphine unpacker another from 1.2 / 1.3 and they are on ollyscript site. Please Help Me. i am waiting You.
Thanks..
hosiminh, for your message, thanks...
But i want packer(s) for morphine 2.x versions.
Note : i wouldn't find any morphine unpacker another from 1.2 / 1.3 and they are on ollyscript site. Please Help Me. i am waiting You.
Thanks..
TBD
January 27th, 2005, 23:26
[warning] walking on thin ice
translation: keep only OD related topics - unpacking is not!
translation: keep only OD related topics - unpacking is not!
y2k3
February 4th, 2005, 07:06
OllyScript is an unpacker program or not? Why Everybody send unpacking script. Did You See Only Me? Okay. Thanks.!
TBD
February 4th, 2005, 08:01
OllyScript is not an unpacker, it is more like a macro recorder.
yes, it seems that OllyScript is used lately only as a tool for unpacking. from now on, all unpacking scripts will be deleted - use OllyScript site for unpacking script repository.
yes, it seems that OllyScript is used lately only as a tool for unpacking. from now on, all unpacking scripts will be deleted - use OllyScript site for unpacking script repository.
KaGra
February 4th, 2005, 12:09
http://biw.rult.at/vbb/upload/showthread.php?s=&threadid=1130
("http://biw.rult.at/vbb/upload/showthread.php?s=&threadid=1130
")
Morphine 2.7 unpacking tutor
("http://biw.rult.at/vbb/upload/showthread.php?s=&threadid=1130
")
Morphine 2.7 unpacking tutor
KaGra
February 5th, 2005, 03:48
Morphine 2.7 unpacking tutor also in http://www.angelfire.com/indie/zong ("http://www.angelfire.com/indie/zong")
haggar
March 29th, 2005, 13:39
Ignore all exceptions in Olly, then (you must have win XP) put "bp IsBadReadPtr" in cmdline, and run it. You will get message "Bad format..." click OK, you are now in kernel, return in user code, press Ctrl+F9 to rach RETN 0C (I think), execute it. You will land somewhere. Below is JMP EAX go to it , execute it and you are on OEP. The shortest tutorial on the world ;-)
Or paste this in your text:
// ExeStealth v3.04 and Morphine v2.7 - OEP finder script
//
// Works only on Windows XP (because of breakpoint on dll).
//
// ExeStealth first pack file with UPX (but that's optional)
// and then crypt it with Morphine wich uses IsBadReadPtr
// API to clear any breakpoints (that's the reason for that
// "Bad or unknown 32-bit ...".
//
// If there is something wrong with script please mail me
// at "dalmatinac_ipo@yahoo.com".
//
// written by haggar 29.03.2005
//
msg "Ignore all exceptions. If you get 'Bad or unknown format...' message just click OK. "
gpa "IsBadReadPtr","kernel32.dll"
bp $RESULT
run
bc eip
rtu
rtr
sti
findop eip,#FFE0# // Find JMP EAX that leads to OEP
bp $RESULT
run
bc eip
sti
find eip,#60BE????????8DBE????????# //Is it packed with UPX too?
cmp $RESULT,eip
jne OEP_found
sti
var x
mov x,esp
bphws x,"r"
run
bphwc x
sti
OEP_found:
an eip
cmt eip,"This is the OEP. Just dump and fix IAT!"
ret
Or paste this in your text:
// ExeStealth v3.04 and Morphine v2.7 - OEP finder script
//
// Works only on Windows XP (because of breakpoint on dll).
//
// ExeStealth first pack file with UPX (but that's optional)
// and then crypt it with Morphine wich uses IsBadReadPtr
// API to clear any breakpoints (that's the reason for that
// "Bad or unknown 32-bit ..."
.//
// If there is something wrong with script please mail me
// at "dalmatinac_ipo@yahoo.com".
//
// written by haggar 29.03.2005
//
msg "Ignore all exceptions. If you get 'Bad or unknown format...' message just click OK. "
gpa "IsBadReadPtr","kernel32.dll"
bp $RESULT
run
bc eip
rtu
rtr
sti
findop eip,#FFE0# // Find JMP EAX that leads to OEP
bp $RESULT
run
bc eip
sti
find eip,#60BE????????8DBE????????# //Is it packed with UPX too?
cmp $RESULT,eip
jne OEP_found
sti
var x
mov x,esp
bphws x,"r"
run
bphwc x
sti
OEP_found:
an eip
cmt eip,"This is the OEP. Just dump and fix IAT!"
ret
Powered by vBulletin® Version 4.2.2 Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.