#ro0ted #OpNewblood What the blackhats don’t want you to know: Manually unpacking in Olly
This is how to manually unpack with Ollydbg using the Ollydump plugin. – ro0ted https://twitter.com/ro0ted/
Ollydump should be in this thread:
As soon as we load the packed file, we get this screen:
After that we select Yes.
Go to Plugins>Ollydump:
Then we get this screen:
UPX is the packer used here.
Double check in exeinfoPE:
Toggle a breakpoint on 004082AF; we don't want to trace through its decompression routine. Now press play.
Then press F8.
We stop here…12c0 is the OEP.
Now go back to plugins>Ollydump>Debugged Processes:
Now we load it in exeinfoPE:
Basically, you have to find the offset of the OEP.
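The final check on the dump can also be scripted. The Python below is an added example, not part of the original post: it parses a PE32 header, reports which section holds the entry point, and compares the entry point with the OEP seen in the debugger. The two sample headers are constructed, and the image base 0x400000, the stub entry 0x8150 and the section sizes are assumptions.

```python
import struct

def parse_pe(data):
    """Return (image_base, entry_rva, [(name, vaddr, vsize, rawsize), ...]) for a PE32 image."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    image_base, = struct.unpack_from("<I", data, opt + 28)  # ImageBase
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vaddr, vsize, rawsize))
    return image_base, entry_rva, sections

def check_dump(data, oep_va):
    """Compare the header entry point with the OEP address seen in the debugger."""
    image_base, entry_rva, sections = parse_pe(data)
    home = next((n for n, va, vs, _ in sections if va <= entry_rva < va + vs), None)
    return {
        "entry_rva": entry_rva,
        "entry_section": home,
        "entry_is_oep": entry_rva == oep_va - image_base,   # debugger VA -> header RVA
        "empty_on_disk": [n for n, _, vs, raw in sections if raw == 0 and vs > 0],
    }

def build_sample(entry_rva, upx0_raw):
    """Constructed PE32 header only (no code), laid out like a UPX-packed file."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x10F)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva, 0x1000, 0x7000, 0x400000)
    secs = b""
    for name, vsize, vaddr, raw in ((b"UPX0", 0x6000, 0x1000, upx0_raw), (b"UPX1", 0x2000, 0x7000, 0x1800)):
        secs += name.ljust(8, b"\0") + struct.pack("<III", vsize, vaddr, raw) + b"\0" * 20
    return dos + coff + opt.ljust(0xE0, b"\0") + secs

OEP_VA = 0x004012C0   # assumed: image base 0x400000 + the 12C0 offset from the walkthrough
packed = build_sample(entry_rva=0x8150, upx0_raw=0)        # constructed stub entry
dumped = build_sample(entry_rva=0x12C0, upx0_raw=0x6000)   # entry rewritten by the dump
if __name__ == "__main__":
    print(check_dump(packed, OEP_VA))
    print(check_dump(dumped, OEP_VA))
```

In the packed sample the entry point sits in UPX1 and UPX0 has no bytes on disk; in the dumped sample the entry point is 12C0 inside UPX0. The section names stay the same after dumping, so the entry point is the thing to compare.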
Check out my tutorials in my series…. “What the Blackhats don’t want you to know”