[rw freawabs.com/asux/Unpackme7soLrar
[OllyDbg 1.10 imporREConstructorSTEP 1 - Executable file analysis after installation
nstallation because came in a single executable file, first step is|
encrypted/packed ot
figure 1 for d
check if the
Jcan use the
ina plain ‘0 make this we|
EiTemolasmratectist_oroacknatuteiafunpackne7 ee
‘coonioo e sexton: [
eee ru ovten [s5aa gaa [>|
Lnkeeanfo: [S4z subaysem: [wince GUI
‘efotak L2ERCH- B08. Abe Secor
tmuiscen | [Teskviewer| [Ontos | [oboe | est
F gay ontop [e{ [>]
In order to have some idea abou
finder feature, with this you have
> (Original Entry Point) you can use the generic OEP|
et
Fund Oz: oo4u02s
19. 2 OEP from PEID.
This can't be the real OEP, but Is only for our main idea about this.
‘STEP 2 - Manual unpacking
Now is time to know the target, execute it and look is behavik
dialog box:eon eee
Try to unpackeel Packed wth ASProtect 3.
bi: ehacnhaihardaninio
I you unpack success Serd ut andthe
lrpacked isto me at kegujerkana@eyna com
bicet te
Evctook, HVs, REA, FFF. AR Tea member.
Phare renembll You canvun this unpccke ory 15 days
Fig. 3 Main program dialog b
he Cool...f button to close the program
ad the executable into OllyDbg and select the plugin IsD Present
TERR] view Debug Pgre Options Windbw Hab
i) sie
s usual with ASProtect, in order to find the real OEP you able ;ption handling from the debugger, to
his go to the Options menu and then select Debugging options (or simply press Alt+O):
[EDFie view Osteo Paine REE Window Hee
W look if your settings match this one (if not it accordling to the figure 6):