Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Unpacking: Modified UPX

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes
View previous topic :: View next topic  
Author Message
Pros
Master Cheater
Reputation: 0

Joined: 10 Jul 2006
Posts: 481
Location: Belgium

PostPosted: Tue Jan 12, 2010 10:14 am    Post subject: Unpacking: Modified UPX Reply with quote

First off: I didn't knew in which section this was best to be placed. So I put it up here, since I assume you guys know a lot about unpacking aswell ...

I want to unpack a game-client. Before, I could just unpack it with PE Explorer, it was just a plain simple UPX packer.
But now it's a Modified version and I'm stuck. I know I have to unpack it manually, but I do not have experience with that.

So if anyone would be so kind to just look at it and maybe point me in the right direction.
From what I read, UPX is one of the easiest packers to unpack, so I guess it's a great way to start learning about packers ...
(Oh and, I already tried many public UPX unpackers, and UPX itself aswell, I guess it really is a modified version)

Anyway, all info and/or help is appreciated,
Prospère


Game Client - packed with Modified UPX:
http://www.megaupload.com/?d=ZQHK4M1U
Back to top
View user's profile Send private message
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

PostPosted: Wed Jan 13, 2010 8:40 pm    Post subject: Reply with quote

I don't have WonderKing dependencies Sad
Back to top
View user's profile Send private message
HellSpider
How do I cheat?
Reputation: 0

Joined: 09 Feb 2010
Posts: 4
Location: Finland

PostPosted: Tue Feb 09, 2010 1:32 pm    Post subject: Reply with quote

Shouldn't be anything hard. I can take a look at it but you must provide the non-system import DLLs in the package with the FLORA.exe Smile.

I looked at the import table and looks like comprezz.dll is the only one you need to add.
Back to top
View user's profile Send private message
igoticecream
Grandmaster Cheater Supreme
Reputation: 0

Joined: 23 Apr 2006
Posts: 1807
Location: 0x00400000

PostPosted: Wed Feb 10, 2010 12:39 am    Post subject: Reply with quote

Try Qunpack, it does unpack most packers
_________________
+~
Back to top
View user's profile Send private message
ColdDoT
Grandmaster Cheater
Reputation: 0

Joined: 18 May 2006
Posts: 703
Location: The netherlands

PostPosted: Fri Jul 23, 2010 8:02 am    Post subject: Reply with quote

There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada Very Happy

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)

_________________
Back to top
View user's profile Send private message MSN Messenger
sleepwlker
How do I cheat?
Reputation: 0

Joined: 05 Sep 2010
Posts: 2

PostPosted: Sun Sep 05, 2010 10:10 pm    Post subject: Reply with quote

ColdDoT wrote:
There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada Very Happy

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)


Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! Very Happy
Back to top
View user's profile Send private message
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

PostPosted: Mon Sep 06, 2010 2:00 am    Post subject: Reply with quote

sleepwlker wrote:
ColdDoT wrote:
There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada Very Happy

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)


Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! Very Happy


UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.
Back to top
View user's profile Send private message
sleepwlker
How do I cheat?
Reputation: 0

Joined: 05 Sep 2010
Posts: 2

PostPosted: Mon Sep 06, 2010 10:52 am    Post subject: Reply with quote

smartz993 wrote:
sleepwlker wrote:
ColdDoT wrote:
There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada Very Happy

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)


Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! Very Happy


UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.


That would just unpack it though, no?

I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is.
Back to top
View user's profile Send private message
smartz993
I post too much
Reputation: 2

Joined: 20 Jun 2006
Posts: 2013
Location: USA

PostPosted: Mon Sep 06, 2010 12:02 pm    Post subject: Reply with quote

sleepwlker wrote:
smartz993 wrote:
sleepwlker wrote:
ColdDoT wrote:
There you go, some script to auto unpack and make it hsless loaderless etc etc etc

UPX is easy to unpack manually btw, search for tuts4you for manual unpack.

upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it open up a IAT recovery (ChimpRec) fix it, Clean the exe with LordPE and tada Very Happy

//OOo and ofcourse get ChimpREC to fix the IAT (if you are < windows seven get ImpREC)


Those pastebin's are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! Very Happy


UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.


That would just unpack it though, no?

I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is.


Check kryptodev.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming -> Crackmes All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites