Chal2. Easy Unpack Challenge | 0day in {REA

Archive for the ‘Chal2. Easy Unpack Challenge’ Category

Posted: January 26, 2016 in Chal2. Easy Unpack Challenge
Tags: reversing.kr

Load Easy_UnpackMe to OllyDBG, scroll down to find JMP instruction:

Figure 1

Set BP at 0040A1FB - E9 506FFFFF jmp Easy_Unp.00401150, press F9 to run. Stop at BP, press F8 to trace over, we get the OEP is 0x00401150:

Figure 2

Anotherway to find OEP is to set BP at GetVersion API:

Figure 3

End.

	Week 19 – 2024… on [QuickNote] Qakbot 5.0 –…
	[QuickNote] Phishing… on [QuickNote] Decrypting the C2…
	Week 17 – 2024… on [QuickNote] Qakbot 5.0 –…
	[QuickNote] Qakbot 5… on Unveiling Qakbot: Exploring on…
	Week 15 – 2024… on [QuickNote] Phishing email dis…