I read the unpack UPX Turtorial but I can't do the last

patuan84 · New to the board Joined: 31 Jul 2006 Posts: 1

this is the link for turtorial
http://www.reversing.be/article.php?story=20060112203459247&query=upx

I did all thing write until using OllyDump step and using imprec. somebody plz tell me more about it? thx in advance

tanatos · Frequent poster Joined: 16 Feb 2005 Posts: 68

how about this...go to the last lines of code in the program there should be something like this :
POPAD
JMP XXXXXXXX

now put a breakpoint on the jmp and do F9
it should break...then just go into the jmp(F7)
now you just dump with ollydump(without fixin imports)(also remember the EIP its being used(the new one))
now run ImpRec , select the exe,enter the EIP(the one above)... and fix imports.save imports do dump and your done