Contribute  :  Web Resources  :  Past Polls  :  Site Statistics  :  Downloads  :  Forum  
    BiW ReversingThe challenge is yours    
 Welcome to BiW Reversing
 Monday, December 17 2018 @ 04:06 PM CET
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

y0da 1.3.2 And 1.3.2

 
Post new topic   Reply to topic    www.reversing.be Forum Index -> Unpacking
View previous topic :: View next topic  
Author Message
bLaCk.bytE
New to the board
New to the board


Joined: 28 Jan 2006
Posts: 9
Location: Iran :X

PostPosted: Sat Jan 28, 2006 10:15 pm    Post subject: y0da 1.3.2 And 1.3.2 Reply with quote

@haggar
first i wanna say thx about ur tutrial ..they are really great ! but :
i have some problem to unpack y0da 1.3.2 and 1.3.3
when i try 2 unpack this.in step 1 i patch BlockInput and Place BP on RETN4
on step 2 when try 2 patch GetCurrentProcessId some time its get number in Pid but some time give like DC4 and i cant Edit that " Unknown Identfiter"
ok next step when press F9 two times . it get error "Dont know how to bypass command at addres 004836AA try to change EIP or
passExseption to program "

My Exceptions : i check all thing under Exception only uncheck Ignore also Following custom Exception...

ok .. what can now do ? :p
i really like learn unpacking y0da ( i can unpack FSG , UPX , ...) but y0da is my problem !

notice : wwhen i go to 004836AA it's say Illegal use of Register
Back to top
View user's profile Send private message
haggar
Regular
Regular


Joined: 19 Mar 2005
Posts: 246

PostPosted: Sun Jan 29, 2006 2:16 pm    Post subject: Reply with quote

You need to read some basic OllyDbg tutorials.

When you enter hex numbers in Olly, for example AB, you need to place 0 (zero) before so Olly knows that it is number, example 0AB. So in your case enter 0DC4.

Exception problem, press Shift+F9. But there shouldn't be some exceptions. Anyhow, practice little and you'll get it.
Back to top
View user's profile Send private message
bLaCk.bytE
New to the board
New to the board


Joined: 28 Jan 2006
Posts: 9
Location: Iran :X

PostPosted: Sun Jan 29, 2006 9:37 pm    Post subject: Reply with quote

haggar wrote:
You need to read some basic OllyDbg tutorials.

When you enter hex numbers in Olly, for example AB, you need to place 0 (zero) before so Olly knows that it is number, example 0AB. So in your case enter 0DC4.

Exception problem, press Shift+F9. But there shouldn't be some exceptions. Anyhow, practice little and you'll get it.


Laughing thanks Haggar ..it's really useful 4 me !

Wink
Back to top
View user's profile Send private message
bLaCk.bytE
New to the board
New to the board


Joined: 28 Jan 2006
Posts: 9
Location: Iran :X

PostPosted: Mon Jan 30, 2006 9:55 pm    Post subject: Reply with quote

Laughing Haggar my target unpacked !
thanks for Tut Wink

but another problem found ! i unpack 5 target ( VB)
i'm know work on y0da (main program ) it's packed with 1.3.3
i found OEP .. Dump (with olly Dump + Rebuild Checked option )
and when i wanna Fix IAT with Imprec .. it's Fixed but y0da dont run !
where is My problem ?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.reversing.be Forum Index -> Unpacking All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
 Copyright © 2018 BiW Reversing
 All trademarks and copyrights on this page are owned by their respective owners.
Powered By Geeklog 
Created this page in 0.10 seconds