BiW Reversing - The challenge is yours
windows visual C v5.0/6.0 unpack problem

 
haxor1990
New to the board
Joined: 14 Sep 2005
Posts: 3

Posted: Thu Sep 22, 2005 7:37 pm    Post subject: windows visual C v5.0/6.0 unpack problem

I'm new to unpacking, and reversing for that matter. I have been working on a file
( hxxp://downloads.xara.com/downloads/software/xara3d4n.exe ) but made no progress because it's packed with Windows Visual C v5.0/6.0, don't know which one.

Has anyone here beaten this protection?
Any help would be great.
moniker
Regular
Joined: 05 Sep 2005
Posts: 123
Location: lage lande

Posted: Thu Sep 22, 2005 9:12 pm

Maybe you should copy and paste exactly what it said in PEiD.

I am assuming it said something like:

microsoft visual c 5.0/6.0

However, this is not a packer, it's a compiler,
meaning the code is as good as you're going to get it.
Khaosgott96
Frequent poster
Joined: 15 Aug 2005
Posts: 74

Posted: Thu Sep 22, 2005 10:12 pm

Yes, like moniker said. If it says "Microsoft Visual C++ 6.0" it means that it is NOT packed but rather in its raw form, meaning that you're good to go and ready to start cracking.

PEiD identifies more than just packers; it also identifies compilers such as MASM/TASM, Delphi 6.0 / 7.0, Microsoft Visual C#, Microsoft Visual C++ 6.0 / 7.0, and I think Visual Basic too.

Good Luck...

regards
haxor1990
New to the board
Joined: 14 Sep 2005
Posts: 3

Posted: Fri Sep 23, 2005 5:40 pm

It does say Microsoft Visual C++ 6.0, but when I disassemble it, it comes out like this.
Code:
   Object01: .text    RVA: 00001000 Offset: 00001000 Size: 000B0592 Flags: 60000020
   Object02: WCODE    RVA: 000B2000 Offset: 000B2000 Size: 00006D99 Flags: E0000020
   Object03: .rdata   RVA: 000B9000 Offset: 000B9000 Size: 0002A1D0 Flags: 40000040
   Object04: .data    RVA: 000E4000 Offset: 000E4000 Size: 000087D0 Flags: C0000040
   Object05: .rsrc    RVA: 0012D000 Offset: 000ED000 Size: 0002E4E0 Flags: 40000040
   Object06:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000
   Object07:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000

Knight
Regular
Joined: 21 Aug 2005
Posts: 122

Posted: Sat Sep 24, 2005 8:48 am

Man, do you know what you are doing at all? What you showed us is just the section table. I don't know what tools you are using, but to get a disassembly from this file you should disassemble the .text section (it's at 1000h offset).
Maybe first read some tutorials about reversing, PE file structure and some other related things.

Regards,
Knight
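
An added example, not part of the thread: a short Python script that reads the section-table listing posted above and decodes each entry's `Flags` value using the characteristic bits from the PE/COFF specification. The function names and the regular expression for the listing layout are this example's own.

```python
import re

# Section characteristics bits, as defined in the PE/COFF specification.
FLAGS = {0x00000020: "CODE", 0x00000040: "INITIALIZED_DATA",
         0x00000080: "UNINITIALIZED_DATA", 0x20000000: "EXECUTE",
         0x40000000: "READ", 0x80000000: "WRITE"}

# Listing text taken from the post above (Object01..Object07).
LISTING = """\
   Object01: .text    RVA: 00001000 Offset: 00001000 Size: 000B0592 Flags: 60000020
   Object02: WCODE    RVA: 000B2000 Offset: 000B2000 Size: 00006D99 Flags: E0000020
   Object03: .rdata   RVA: 000B9000 Offset: 000B9000 Size: 0002A1D0 Flags: 40000040
   Object04: .data    RVA: 000E4000 Offset: 000E4000 Size: 000087D0 Flags: C0000040
   Object05: .rsrc    RVA: 0012D000 Offset: 000ED000 Size: 0002E4E0 Flags: 40000040
   Object06:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000
   Object07:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000
"""

LINE = re.compile(r"Object(\d+):[ \t]*(\S*)[ \t]+RVA: ([0-9A-F]{8}) "
                  r"Offset: ([0-9A-F]{8}) Size: ([0-9A-F]{8}) Flags: ([0-9A-F]{8})")

def parse(listing):
    """Return one dict per listing entry, with the flag bits decoded."""
    rows = []
    for m in LINE.finditer(listing):
        name = m.group(2)
        rva, offset, size, flags = (int(x, 16) for x in m.group(3, 4, 5, 6))
        rows.append({"index": int(m.group(1)), "name": name, "rva": rva,
                     "offset": offset, "size": size,
                     "flags": [n for bit, n in FLAGS.items() if flags & bit],
                     # An all-zero entry is an unused slot, not a section.
                     "empty": not (name or rva or offset or size or flags)})
    return rows

def real_sections(rows):
    """Entries that actually describe a section."""
    return [r for r in rows if not r["empty"]]

def writable_and_executable(rows):
    """Names of sections mapped both writable and executable."""
    return [r["name"] for r in rows if {"WRITE", "EXECUTE"} <= set(r["flags"])]

if __name__ == "__main__":
    for r in real_sections(parse(LISTING)):
        print(f'{r["name"]:<8} file offset {r["offset"]:#x} {"|".join(r["flags"])}')
    print("writable+executable:", writable_and_executable(parse(LISTING)))
```

On this listing, `Object06` and `Object07` decode as empty slots rather than sections, and `WCODE` is the only section whose flags include both `WRITE` and `EXECUTE`.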
haxor1990
New to the board
Joined: 14 Sep 2005
Posts: 3

Posted: Sat Sep 24, 2005 10:44 pm

Yegh, I know, don't insult my intelligence. See:
Code:
Object06:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000


It's like that till the end of the disassembly,
all the way down to
Code:
Object44799:          RVA: 00000000 Offset: 00000000 Size: 00000000 Flags: 00000000

then the menu info.
When I get to "Start of Code in Object .text" it just says where it is on my hard drive, nothing else.

And I'm using W32disasm 8.9.
haggar
Regular
Joined: 19 Mar 2005
Posts: 246

Posted: Sat Sep 24, 2005 11:52 pm

haxor1990

Your file isn't packed and there is no point in continuing this thread.

Knight has told you what to do: read some papers about reversing, because most folks who have some experience don't understand you at all.

First download OllyDbg 1.10. Use Google and you will find it easily. Olly is a disassembler and debugger, a very good one. W32Dasm is a tool from the past century, I think from 1995. When you find Olly, then find some basic tutorials about assembler, cracking, simple things like patching nag windows, etc.
All times are GMT + 1 Hour