Pros Master Cheater Reputation: 0
Joined: 10 Jul 2006 Posts: 481 Location: Belgium
Posted: Tue Jan 12, 2010 10:14 am Post subject: Unpacking: Modified UPX
First off: I didn't know in which section this was best to be placed. So I put it up here, since I assume you guys know a lot about unpacking as well ...
I want to unpack a game-client. Before, I could just unpack it with PE Explorer, it was just a plain simple UPX packer.
But now it's a Modified version and I'm stuck. I know I have to unpack it manually, but I do not have experience with that.
So if anyone would be so kind to just look at it and maybe point me in the right direction.
From what I read, UPX is one of the easiest packers to unpack, so I guess it's a great way to start learning about packers ...
(Oh and, I already tried many public UPX unpackers, and UPX itself as well, I guess it really is a modified version)
Anyway, all info and/or help is appreciated,
Prospère
Game Client - packed with Modified UPX:
http://www.megaupload.com/?d=ZQHK4M1U
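Added example, not part of any post in this thread: a static triage check, in Python, for the situation described above where stock UPX tooling no longer recognises a file. It reports whether a PE image has the usual UPX section layout and whether the stock markers (UPX0/UPX1 section names, "UPX!" header magic) are still present. The sample images, the .pak0/.pak1 names and the assumption that a modification altered those markers are constructed for illustration.

```python
import struct

def sections(data):
    """Parse a PE image; return (entry_rva, [(name, vsize, vaddr, rawsize), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 40)[0]    # AddressOfEntryPoint
    table = pe + 24 + opt_size                            # first section header
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, raw = struct.unpack_from("<8sIII", data, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vsize, vaddr, raw))
    return entry, secs

def classify(data):
    """Triage heuristic: does the image look like UPX, and are stock markers intact?"""
    entry, secs = sections(data)
    # UPX layout: empty placeholder first section, entry point in a later section.
    layout = (len(secs) >= 2 and secs[0][3] == 0 and secs[0][1] > 0
              and any(va <= entry < va + vs for _, vs, va, _ in secs[1:]))
    # Stock UPX names its sections UPX0/UPX1 and stores a "UPX!" header magic.
    markers = {"UPX0", "UPX1"} <= {s[0] for s in secs} and b"UPX!" in data
    if layout and markers:
        return "stock UPX markers present"
    if layout:
        return "UPX-like layout, stock markers missing (possibly modified)"
    return "no UPX-like layout"

def make_sample(names, magic=b"", raw0=0):
    """Constructed header-only PE32 image for the demo (not a runnable program)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x9000)               # entry point in 2nd section
    img = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    img += bytes(opt)
    for name, (vs, va, raw) in zip(names, [(0x8000, 0x1000, raw0), (0x2000, 0x9000, 0x1800)]):
        img += struct.pack("<8sIII", name, vs, va, raw) + bytes(20)
    return img + magic

if __name__ == "__main__":
    for names, magic in [((b"UPX0", b"UPX1"), b"UPX!"), ((b".pak0", b".pak1"), b"")]:
        print(names, "->", classify(make_sample(names, magic)))
```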
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Wed Jan 13, 2010 8:40 pm Post subject:
I don't have WonderKing dependencies
HellSpider How do I cheat? Reputation: 0
Joined: 09 Feb 2010 Posts: 4 Location: Finland
Posted: Tue Feb 09, 2010 1:32 pm Post subject:
Shouldn't be anything hard. I can take a look at it but you must provide the non-system import DLLs in the package with the FLORA.exe.
I looked at the import table and it looks like comprezz.dll is the only one you need to add.
igoticecream Grandmaster Cheater Supreme Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Wed Feb 10, 2010 12:39 am Post subject:
Try Qunpack, it does unpack most packers
ColdDoT Grandmaster Cheater Reputation: 0
Joined: 18 May 2006 Posts: 703 Location: The netherlands
Posted: Fri Jul 23, 2010 8:02 am Post subject:
There you go, some script to auto unpack and make it hsless loaderless etc etc etc
UPX is easy to unpack manually btw, search for tuts4you for manual unpack.
upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version, if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it, open up an IAT recovery (ChimpRec), fix it, clean the exe with LordPE and tada
//OOo and of course get ChimpREC to fix the IAT (if you are < Windows Seven get ImpREC)
sleepwlker How do I cheat? Reputation: 0
Joined: 05 Sep 2010 Posts: 2
Posted: Sun Sep 05, 2010 10:10 pm Post subject:
ColdDoT wrote: | There you go, some script to auto unpack and make it hsless loaderless etc etc etc
UPX is easy to unpack manually btw, search for tuts4you for manual unpack.
upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version, if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it, open up an IAT recovery (ChimpRec), fix it, clean the exe with LordPE and tada
//OOo and of course get ChimpREC to fix the IAT (if you are < Windows Seven get ImpREC) |
Those pastebins are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks!
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Mon Sep 06, 2010 2:00 am Post subject:
sleepwlker wrote: | ColdDoT wrote: | There you go, some script to auto unpack and make it hsless loaderless etc etc etc
UPX is easy to unpack manually btw, search for tuts4you for manual unpack.
upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version, if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it, open up an IAT recovery (ChimpRec), fix it, clean the exe with LordPE and tada
//OOo and of course get ChimpREC to fix the IAT (if you are < Windows Seven get ImpREC) |
Those pastebins are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! |
UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go.
sleepwlker How do I cheat? Reputation: 0
Joined: 05 Sep 2010 Posts: 2
Posted: Mon Sep 06, 2010 10:52 am Post subject:
smartz993 wrote: | sleepwlker wrote: | ColdDoT wrote: | There you go, some script to auto unpack and make it hsless loaderless etc etc etc
UPX is easy to unpack manually btw, search for tuts4you for manual unpack.
upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version, if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it, open up an IAT recovery (ChimpRec), fix it, clean the exe with LordPE and tada
//OOo and of course get ChimpREC to fix the IAT (if you are < Windows Seven get ImpREC) |
Those pastebins are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! |
UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go. |
That would just unpack it though, no?
I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is.
smartz993 I post too much Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Mon Sep 06, 2010 12:02 pm Post subject:
sleepwlker wrote: | smartz993 wrote: | sleepwlker wrote: | ColdDoT wrote: | There you go, some script to auto unpack and make it hsless loaderless etc etc etc
UPX is easy to unpack manually btw, search for tuts4you for manual unpack.
upx_dump.osc - Unpacks a UPX packed application and dumps it
flora_hssless.osc - Removes HackShield and removes the loader for FLORA.exe, it should work on any version, if not it will let you know. This also dumps it.
upx_hsless_flora.osc - This is for the lazy people, just run it, open up an IAT recovery (ChimpRec), fix it, clean the exe with LordPE and tada
//OOo and of course get ChimpREC to fix the IAT (if you are < Windows Seven get ImpREC) |
Those pastebins are expired. If anyone could post the scripts again I would really appreciate it. Maybe even give you a cookie. Thanks! |
UPX is more of a packer than a protector. Just scroll down until you see the last JMP before a bunch of the same instruction - set a breakpoint there, and run the app, then just step and you'll be at OEP. Dump+Go. |
That would just unpack it though, no?
I think I've already unpacked it, how successfully is to be determined though. What I need to know next is how to remove HS. How to make a HSless client that is. |
Check kryptodev.