I use a piece of software that I have actually purchased (believe it or not) and I am interested in reversing it to find out how its 30-day time restriction works. I will refrain from mentioning what the software is, as I wish to obey the forum rules.
Does anyone have any tips on how to get started? I have identified the packer: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo (PEiD) and I have identified the code entry point:
Unpacking UPX is a piece of cake.
Open the target in Olly; you should see PUSHAD as the first line, hopefully. It depends on UPX and the packing method. Not every UPX-packed app has PUSHAD. At least I know some. Then scroll down a bit and you will see POPAD, and after this a jmp to the OEP.
Put a BP on your POPAD (if it is the right one), press F9 in Olly, Olly breaks, press F8 2x and you will hopefully land at the OEP. Dump this target with the Olly dump plugin and, if you are lucky enough, you don't even need to do anything more, just run the unpacked app. If it does not run, then remember the OEP and fix it with procdump. Sometimes the OEP gets fcked up, then use good old IMPREC to recover the EXE. It's very easy.
Just take some large app, pack it with UPX and then try to unpack it.
Best way to learn is to make experiments and learn from your mistakes.
I learned all this this way. And of course thanks to BIW tuts.
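One way to confirm a UPX-style layout statically from the PE headers alone, for example when triaging a packed sample. This is an added example, not part of any post in this thread; the function names and both sample images are constructed for illustration. Section names are trivially renamed, so the layout checks carry more weight than the name check.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def build_image(entry, sections):
    """Constructed header-only PE32 image for the demo (not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x10F)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0x400, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

def parse_headers(data):
    """Return (entry point RVA, list of section dicts) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)       # AddressOfEntryPoint
    secs = []
    for i in range(nsect):
        f = struct.unpack_from("<8sIIIIIIHHI", data, pe + 24 + opt_size + 40 * i)
        secs.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                     "vsize": f[1], "vaddr": f[2], "rsize": f[3], "flags": f[9]})
    return entry, secs

def upx_indicators(data):
    """List the header traits that match a UPX-packed layout."""
    entry, secs = parse_headers(data)
    hits = []
    if any(s["name"].startswith("UPX") for s in secs):
        hits.append("upx-section-names")
    if secs and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0:
        hits.append("empty-first-section")          # placeholder filled at run time
    if any(i > 0 and s["vaddr"] <= entry < s["vaddr"] + s["vsize"]
           for i, s in enumerate(secs)):
        hits.append("entry-outside-first-section")  # entry sits in the stub section
    if any(s["flags"] & WRITE and s["flags"] & EXEC for s in secs):
        hits.append("writable-executable-section")
    return hits

# Constructed samples: (name, VirtualSize, VirtualAddress, SizeOfRawData, flags)
PACKED = build_image(0xC5F0, [(b"UPX0", 0x8000, 0x1000, 0, 0xE0000080),
                              (b"UPX1", 0x4000, 0x9000, 0x3600, 0xE0000040),
                              (b".rsrc", 0x1000, 0xD000, 0x800, 0xC0000040)])
PLAIN = build_image(0x1234, [(b".text", 0x5000, 0x1000, 0x4E00, 0x60000020),
                             (b".data", 0x1000, 0x6000, 0x200, 0xC0000040)])
```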
Posted: Sat Oct 08, 2005 11:27 am Post subject: hmmm
Execute that jump you are on and you are into the unpacked exe... (unpacked in PC memory) and from there (guessing you are using Olly) do a string search and look for strings shown in the 30-day trial... waiting for further results...