ObsidiumUnpacker by winndy
winndywinndy This quote was last edited by winndy on 2009-11-28 20:43

http://www.unpack.cn/viewthread.php?tid=42938

ObsidiumUnpacker


winndy

CNwinndy@hotmail.com


The unpacker is not fully tested. Any bugs or feedbacks ,please contact me.

Use at your own risk!
1 Usage


Long option Short option Comment
--unpack -f The full path name of the target
--injectdll -i The full path name of the dll to be injected when stop at OEP
--funcname -n The function name to be called of the injected dll.The default name is DoJob.int DoJob(void* pData)The pData points to a structure.The first DWORD is the ImageBase of the target.The second DWORD is the ImageSize of the target.The third DWORD is the PID of the target.
--patch_registered Patch sdk function ‘isRegistered’ return true.Sometimes,this will cause error.
--DONT_PARSE_STOLEN Do not clear the junk code in the raw stolen code.If the unpacker is hang up, try to use this option.
--BE_QUIET Don’t ask the user when unpacking is done.
--help -h Print usage.





SDK fix is not supported yet.
2 Example

2.1 The simple example


ObsidiumUnpacker.exe --unpack=c:\testob.exe

Or ObsidiumUnpacker.exe -f c:\testob.exe


2.2 Use ObsidiumUnpacker as a loader, and inject a dll to crack it.


ObsidiumUnpacker.exe --unpack=c:\obsidium.exe --injectdll=c:\InjectToObsidium.dll

Or ObsidiumUnpacker.exe -f c:\obsidium.exe –i =c:\InjectToObsidium.dll

This will load the obsidium.exe and inject dll to crack it.


ObsidiumUnpacker.exe --unpack=c:\obsidium.exe --injectdll=c:\InjectToObsidium.dll --patch_registered

Or ObsidiumUnpacker.exe -f c:\obsidium.exe –i =c:\InjectToObsidium.dll --patch_registered

This will load the obsidium.exe and inject dll to crack it,and it will show “registered”.But this probably cause error.For obsidium v1.3.6.4 it will cause error.


If you have a customized function name,you can use like this:

ObsidiumUnpacker.exe -f c:\obsidium.exe -i =c:\InjectToObsidium.dll --funcname=YOURFUNCTION


2.3 be quiet option


ObsidiumUnpacker.exe --unpack=c:\testob.exe --BE_QUIET

Or ObsidiumUnpacker.exe -f c:\testob.exe
--BE_QUIET

This will cause the unpacker exit after it finishes its work.


3 History

2009.11.28

V 0.1 beta

Supported Obsidium version:

V1.3.5.7

V1.3.6.0

V1.3.6.1

V1.3.6.3

V1.3.6.4

SDK is not supported yet.

OS: WinXP SP3, Vista, other OS is not tested.
4 Bugs and Test

If you got bugs,please contact me.

The target size is limited to below 3M.

And the target must not be commercial software.

If the target is dll, you should also provide the exe associated with the dll.

And you must provide both the original file and the packed file.

The name of the packed file has the suffix of the version number of Obsidum and the OS.

For example,If the exe is aaa.exe,the and the obsidium is v1.3.6.4, the OS is XPSP3,the packed file name will be aaa_Ob1364_XP_SP3.exe.

And I don’t guarantee all the bugs will be fixed.Sorry.
5 Greetings

Reserved.

If you find some bugs, your name probably will be here. J

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)