yktan
January 16th, 2003, 01:08
Hi, I'm trying to unpack a program protected by UPX (pe-scan reports possible UPX 0.80 - 1.23) called unwc that can be found at h**p://www.etextwizard.com/download/unwc/unwc.zip
What I've done so far is:
(1) I traced through the unpacking routine and found that the possible OEP is at 4B8290.
(2) I put the program in an infinite loop at the jump and tried to do a full dump with both procdump and lordpe.
(3) After dumping, I tried to change the program entry point to B8290 using PEditor, but when I tried to run it, it says "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."
(4) I did another full dump and used imprec to fix the IAT. But when I tried to run the program, it just disappears.
Can anyone tell me what I've done wrong? I've been fiddling with it for a few days but still can't find the problem. Thank you for your help.
Note: I'm using Win2k, if that will make any difference.