[Help] Unknown UPX.
@hcg Your file is not fully unpacked yet. Memory map, item 17. The file isn't fully unpacked. The file still contains SFX. |
|
[Help] Unknown UPX.
@ellee Your method can't unpack the file correctly. @hcg Thank you for unpacking. Only your unpacked file is correct. Unpacked. Can you tell me how to unpack the file? |
|
[Help] Unknown UPX.
1. How did you remove the slicing?
2. Why can't I view the code with OllyDbg analysis? With OllyDbg analysis:
3. Which packer and version was the file packed with?
Greetings. |
|
[Help] Unknown UPX.
I know that the OEP is at 00452FBC. I dumped with OEP 52FBC and reconstructed with ImpRec. unknown_UPX_unpack.rar

Analysis of the NEW unpacked file says: Microsoft Visual C++ 7.0 *

But the header of the file is slicing. I think there is a third type of packer, maybe Armadillo.

00452FBC > $ 6A 60 PUSH 60
00452FBE . 68 309D4F00 PUSH unknown_.004F9D30
00452FC3 . E8 24410000 CALL unknown_.004570EC
00452FC8 . BF 94000000 MOV EDI,94
00452FCD . 8BC7 MOV EAX,EDI
00452FCF . E8 9C1D0000 CALL unknown_.00454D70
00452FD4 . 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
00452FD7 . 8BF4 MOV ESI,ESP
00452FD9 . 893E MOV DWORD PTR DS:[ESI],EDI
00452FDB . 56 PUSH ESI ; /pVersionInformation
00452FDC . FF15 9CC24700 CALL DWORD PTR DS:[<&kernel32.GetVersion>; \GetVersionExA

Without OllyDbg analysis: Ctrl+G - 00413685

00413685 ^\E3 A3 JECXZ SHORT unknown_.0041362A
00413687 3E:FB STI ; Superfluous prefix
00413689 4D DEC EBP
0041368A D9C0 FLD ST
0041368C 02A6 3C7A6072 ADD AH,BYTE PTR DS:[ESI+72607A3C]
00413692 1A6D 0D SBB CH,BYTE PTR SS:[EBP+D]
00413695 CE INTO
00413696 36:20D6 AND DH,DL ; Superfluous prefix
00413699 A9 9508C791 TEST EAX,91C70895

With OllyDbg analysis: Ctrl+G - 00413685

00413685 E3 DB E3
00413686 A3 DB A3
00413687 3E DB 3E ; CHAR '>'
00413688 FB DB FB
00413689 4D DB 4D ; CHAR 'M'
0041368A D9 DB D9
0041368B C0 DB C0
0041368C 02 DB 02
0041368D A6 DB A6
0041368E 3C DB 3C ; CHAR '<'
0041368F 7A DB 7A ; CHAR 'z'
00413690 60 DB 60 ; CHAR '`'
00413691 72 DB 72 ; CHAR 'r'
00413692 1A DB 1A
00413693 6D DB 6D ; CHAR 'm'
00413694 0D DB 0D
00413695 CE DB CE
00413696 36 DB 36 ; CHAR '6'
00413697 20 DB 20 ; CHAR ' '
00413698 D6 DB D6
00413699 A9 DB A9
0041369A 95 DB 95
0041369B 08 DB 08
0041369C C7 DB C7
0041369D 91 DB 91

Greetings. |
|
[Help] Unknown UPX.
It's not a correct dump. |