By ro0ted | March 24, 2015 - 01:04 | Posted in /b/ | 12 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: Manually unpacking in Olly

This is how to manually unpack with Ollydbg using the Ollydump plugin. – ro0ted


Ollydump should be in this thread:


As soon as we load the packed file we get this screen:


After that we select Yes.
Go to Plugins>Ollydump:


Then we get this screen:


UPX is the packer used here.
Double check in exeinfoPE:


So now we need to find the OEP.
You learned in my last tuts…OEP = Original Entry Point.

Toggle a breakpoint on 004082AF; we don't want to trace through its decompression routine. Now press play.
Then press F8.


We stop here…12c0 is the OEP.
Now go back to plugins>Ollydump>Debugged Processes:


Now we load it in exeinfoPE:



Basically gotta find the offset of the OEP.
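
The arithmetic behind "find the offset of the OEP", as an added example that is not part of the original tutorial: a small PE32 header parser that maps an RVA to a file offset and flags UPX section names. The two header blobs are constructed for the demo (the image base 0x400000, the packed entry point and the section layout are assumptions); only the OEP value 12c0 comes from the walkthrough above.

```python
import struct

def parse_pe(data):
    """Return (image_base, entry_rva, sections) from a PE32 header."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                             # optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]  # ImageBase
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, vaddr, rsize, rptr))
    return image_base, entry_rva, sections

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset; None if the byte exists only in memory."""
    for _name, vsize, vaddr, rsize, rptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rptr + (rva - vaddr) if rva - vaddr < rsize else None
    return None

def looks_upx(sections):
    """UPX names its sections UPX0, UPX1, ... unless they were renamed."""
    return any(name.startswith("UPX") for name, *_ in sections)

def build_sample(entry_rva, sections, image_base=0x400000):
    """Constructed PE32 headers only (no code), so the demo runs offline."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H14xIIII", 0x10B, entry_rva, 0, 0, image_base).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIII16x", n.encode(), vs, va, rs, rp)
                     for n, vs, va, rs, rp in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed headers: packed file vs. a dump whose raw layout mirrors memory.
PACKED = build_sample(0x8150, [("UPX0", 0x7000, 0x1000, 0, 0x400),
                               ("UPX1", 0x1000, 0x8000, 0x600, 0x400)])
DUMPED = build_sample(0x12C0, [("UPX0", 0x7000, 0x1000, 0x7000, 0x1000),
                               ("UPX1", 0x1000, 0x8000, 0x1000, 0x8000)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("dumped", DUMPED)):
        base, ep, secs = parse_pe(blob)
        print(label, hex(base + ep), looks_upx(secs), rva_to_offset(secs, 0x12C0))
```

In the constructed packed layout the OEP has no file offset, because UPX0 carries no raw data until the stub decompresses into it at run time; in the dumped layout it resolves to a real offset.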






Check out my tutorials in my series…. “What the Blackhats don’t want you to know”


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file


Unpacking & Crypting there is a difference

Covert Debugging whitepaper from

Manually Unpacking with Ollydbg +



