|
|
 |
 |
 |
|
|
|
|
|
 |
|
 |
|
General Subjects
|
| Anything GameHacking related, not multiplayer, that doesn't go in the other subforums below. |
|
||||||
  |
|
|
LinkBack | Thread Tools | Display Modes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
General Subjects
|
| Anything GameHacking related, not multiplayer, that doesn't go in the other subforums below. |
|
||||||
| |
|
|
LinkBack | Thread Tools | Display Modes |
(#2 (permalink))
|
|
Crew
 Posts: 170
Join Date: Sep 2006
Last Online: Today 04:49 AM Reputation:
 User is Offline
|
re: -
06-29-2009, 07:20 AM
Show's how to bypass one trick implemented by many packers.
Basically, find the 'pushad', usually one of, if not the first instructions. Step over. Hardware breakpoint dump value in esp. In other words, when 'popad' is executed break. Typically thereis either a jmp to OEP is push/ret to OEP after the popad. Once at OEP, dump file and fix imports with ImpRec. How the ESP trick actually works - KOrUPt Of course, themida may not use this method in which case my advice would be useless. But a cool trick nonetheless to know! Regarding specific themida help, not sure... maybe BiW Reversing - The challenge is yours can help. |
|
|
(#3 (permalink))
|
|
Posting Well
 Posts: 25
Join Date: Jan 2009
Last Online: 07-21-2009 10:21 PM Reputation:
User is Offline
|
06-29-2009, 10:47 AM
Quote Originally Posted by Ksbunker  Show's how to bypass one trick implemented by many packers.
Basically, find the 'pushad', usually one of, if not the first instructions. Step over. Hardware breakpoint dump value in esp. In other words, when 'popad' is executed break. Typically thereis either a jmp to OEP is push/ret to OEP after the popad. Once at OEP, dump file and fix imports with ImpRec. How the ESP trick actually works - KOrUPt Of course, themida may not use this method in which case my advice would be useless. But a cool trick nonetheless to know! Regarding specific themida help, not sure... maybe BiW Reversing - The challenge is yours can help. |
|
|
|
(#6 (permalink))
|
|
n00bie
Posts: 8
Join Date: Jun 2009
Last Online: 07-10-2009 07:14 AM Reputation:
User is Offline
 |
06-30-2009, 03:45 AM
Quote Originally Posted by W1z8it Eh?..
|
|
|
|
(#7 (permalink))
|
|
Posting Well
Posts: 25
Join Date: Jan 2009
Last Online: 07-21-2009 10:21 PM Reputation:
User is Offline
|
06-30-2009, 12:30 PM
Quote Originally Posted by bofoverflo Unpacking as in cracking. try out ARTEAM REDIRECT. It has everything you need in the forums.
|
|
|
|
(#8 (permalink))
|
|
Supervisor
![[Psych]'s Avatar](http://gamehacking.com/forums/avatars/-psych-.gif?dateline=1268086607)
 Posts: 1,615
Join Date: Jan 2008
Reputation:
User is Offline
|
07-01-2009, 05:16 PM
If you have zero unpacking experience, then going after Themida is like trying to get to the second floor of your house with no stairs... or something... heh
 You can't just breeze your way through using simple tricks which work on simple packers. Themida is a protector, and as such employs various techniques to deter reversing. However, provided you can setup your Olly well, then there are some ollyscripts around that will take care of plenty of targets. It's a cheap way out, but it may work for you, so maybe do that. Web... go... now  |
|
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
|
| New To Site? | Need Help? |
Linear Mode
