hi,

i tried to work on that program but the adress werent the same so i think the tut belongs to the version a. I traced it the same way as tsehp described and came to a Call esi.
I think the oep is there because after pressing f10 i get into the program.
I dumped it and fixed the sections but the program crashes.
Did anyone try the b version and made a successfull unpacked exe?

thanx for any tips or help.

siRl

did you check the iat's ? are they valid ?
could you show (with a listing) where the program crashes and why ?

hy,

after reading some other tutorials I came to the conclusion to step into the call and look for a calculated value which is in eax and a ret.
loop it and dump it with procdump.
I will try that first.

btw. sorry for posting the link in "crc-check".

greetz

siRl

siRl

you can also use the /trace feature of icedump, much more easy

hy,

thanks for the reply.
do you know any good resources with tutorials about how to use the tracex command
to get to the oep and further processing with unpacking?
I just read the tut by predator and he mentions it shortly.
I would like a little more of explanation and a program to test it.

greetz

siRl