y0da 1.3.2 And 1.3.2

bLaCk.bytE · Posted: Sat Jan 28, 2006 10:15 pm Post subject: y0da 1.3.2 And 1.3.2

@haggar
first i wanna say thx about ur tutrial ..they are really great ! but :
i have some problem to unpack y0da 1.3.2 and 1.3.3
when i try 2 unpack this.in step 1 i patch BlockInput and Place BP on RETN4
on step 2 when try 2 patch GetCurrentProcessId some time its get number in Pid but some time give like DC4 and i cant Edit that " Unknown Identfiter"
ok next step when press F9 two times . it get error "Dont know how to bypass command at addres 004836AA try to change EIP or
passExseption to program "

My Exceptions : i check all thing under Exception only uncheck Ignore also Following custom Exception...

ok .. what can now do ? :p
i really like learn unpacking y0da ( i can unpack FSG , UPX , ...) but y0da is my problem !

notice : wwhen i go to 004836AA it's say Illegal use of Register

haggar · Regular Joined: 19 Mar 2005 Posts: 246

You need to read some basic OllyDbg tutorials.

When you enter hex numbers in Olly, for example AB, you need to place 0 (zero) before so Olly knows that it is number, example 0AB. So in your case enter 0DC4.

Exception problem, press Shift+F9. But there shouldn't be some exceptions. Anyhow, practice little and you'll get it.

bLaCk.bytE · Posted: Sun Jan 29, 2006 9:37 pm Post subject:

bLaCk.bytE · Posted: Mon Jan 30, 2006 9:55 pm Post subject:

Haggar my target unpacked !
thanks for Tut Wink

but another problem found ! i unpack 5 target ( VB)
i'm know work on y0da (main program ) it's packed with 1.3.3
i found OEP .. Dump (with olly Dump + Rebuild Checked option )
and when i wanna Fix IAT with Imprec .. it's Fixed but y0da dont run !
where is My problem ?