Moi
02-10-2006, 07:39 PM
Need some help on a UPX-ed file. If I load it into OllyDbg I get an "entry point outside the code" error.
It has UPX0, UPX1, UPX2 inside (version 1.08). But it isn't a normal UPX because it starts with something that looks like an XOR loop.
I know how to unpack and change the OEP manually, but this one is difficult.
Program code starts with:
PUSH 258
POP ECX
MOV ESI, (offset beginning)
PUSH ESI
00401F0C: XOR BYTE PTR DS:[ESI], 30
INC ESI
LOOPD SHORT 00401F0C
RETN
Can someone give me a hint how to start? I already tried some upxfixers but they didn't work.
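
Added example, not part of the original post: a static decoder for the stub listed above, which XORs 0x258 bytes starting at ESI with 0x30 and then RETNs to the pushed start address. The byte encodings, the flat memory-dump layout, the base address 0x401000, the start address 0x401C00 and the function names are assumptions made for the illustration.

```python
import re
import struct

# Assumed x86 encodings of the stub shown in the post:
#   68 id     PUSH imm32 (byte count)     59  POP ECX
#   BE id     MOV ESI, imm32 (start VA)   56  PUSH ESI
#   80 36 ib  XOR BYTE PTR [ESI], imm8    46  INC ESI
#   E2 FA     LOOPD back to the XOR       C3  RETN
STUB_RE = re.compile(
    rb"\x68(.{4})\x59\xBE(.{4})\x56\x80\x36(.)\x46\xE2\xFA\xC3", re.DOTALL)

def find_stub(image):
    """Locate the XOR stub and return its parameters, or None."""
    m = STUB_RE.search(image)
    if m is None:
        return None
    return {"offset": m.start(),
            "count": struct.unpack("<I", m.group(1))[0],
            "start_va": struct.unpack("<I", m.group(2))[0],
            "key": m.group(3)[0]}

def apply_stub(image, base_va, stub):
    """Do statically what the loop does at run time on a flat dump."""
    off = stub["start_va"] - base_va
    end = off + stub["count"]
    if stub["count"] == 0 or off < 0 or end > len(image):
        raise ValueError("XOR range is empty or lies outside the dump")
    out = bytearray(image)
    for i in range(off, end):
        out[i] ^= stub["key"]
    # PUSH ESI followed by RETN transfers control to the decoded start.
    return bytes(out), stub["start_va"]

def build_sample():
    """Constructed 4 KB dump: encoded region plus the stub at VA 0x401F00."""
    base_va, start_va, count, key = 0x401000, 0x401C00, 0x258, 0x30
    plain = bytes(i & 0xFF for i in range(count))
    image = bytearray(0x1000)
    off = start_va - base_va
    image[off:off + count] = bytes(b ^ key for b in plain)
    stub = (b"\x68" + struct.pack("<I", count) + b"\x59\xBE"
            + struct.pack("<I", start_va) + b"\x56\x80\x36" + bytes([key])
            + b"\x46\xE2\xFA\xC3")
    image[0xF00:0xF00 + len(stub)] = stub
    return bytes(image), base_va, plain

if __name__ == "__main__":
    image, base_va, _ = build_sample()
    decoded, next_entry = apply_stub(image, base_va, find_stub(image))
    print("next layer starts at %08X" % next_entry)
```

With these encodings the XOR instruction sits 12 bytes after the start of the stub, which matches the 00401F0C address in the listing if the stub begins at 00401F00.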