
UsAr's UnpackMe
Download unpackme.zip, 18 kb (password: crackmes.de)
Unpack this and delete the nag message box.
Difficulty: 4 - Needs special knowledge | Rating votes: 6
Solutions
Solution by EvOlUtIoN, published 19. Jun 2007 (37 kb, password: crackmes.de).
EvOlUtIoN has rated this crackme as boring.
Solution by deroko, published 16. Jun 2007 (18 kb, password: crackmes.de).
deroko has rated this crackme as quite nice.
Discussion and comments
deroko 10. Jun 2007 | very nice, not that hard, but has some nice tricks. Took me around 30min to finish it :) |
---|---|
Zaphod 14. Jun 2007 | I hope someone will post a solution to this one. I can make it work in Olly, but apart from that I have no idea what to do :( |
mrmag 14. Jun 2007 | yeah, please hand in your solution deroko. I fiddled around with this one for approx. 1 hour without even finding a way to make it run within olly. I hope I have some more time this weekend though -- to give it one more try ;) |
deroko 15. Jun 2007 | my solution is with sice, still want me to upload it? |
UsAr Author 15. Jun 2007 | Of course upload! I very much want to read any solutions to unpacking this ;) |
Shism 15. Jun 2007 | deroko, could you solve the crackme with ollydbg??? |
Shism 15. Jun 2007 | deroko, could you solve the crackme with ollydbg??? Just to see how it would be done... Please? |
EvOlUtIoN 15. Jun 2007 | I also solved the crackme with ollydbg... I wrote a little tutorial, but in Italian... UsAr knows it! It took me more or less the same time as deroko, but I avoided cheating with memory protection. |
deroko 15. Jun 2007 | cheat with memory protection? |
EvOlUtIoN 16. Jun 2007 | Don't know... I attached my olly after the NAG screen to solve it, because I found it difficult to load it directly from olly, so I found the OEP after the messagebox. Don't know about the memory protection used, or anti-debug, I don't know... I bypassed it all by attaching with olly, so in my opinion this was a very simple target! |
mrmag 17. Jun 2007 | @EvOlUtIoN: I did this as well at first -- but I am interested in the method(s) used to prevent me running this thing inside Olly right from the start (or should I say entry point? ;) ). @deroko: I am very interested in the anti-debug tricks used, so if you solved it using sice and found them I would enjoy reading your solution to give a basis on how to approach this thing with Olly once more. |
EvOlUtIoN 18. Jun 2007 | Sent my solution, I hope you'll like it |
hardcoder 20. Jun 2007 | @EvOlUtIoN, excellent tutorial mate, you rocked it today |
EvOlUtIoN 20. Jun 2007 | Thanks hardcoder, anyway I think my solution is very simple... so I think this unpackme is 2, maximum 3, as difficulty |
hardcoder 21. Jun 2007 | One more thing hardcoder, why does the image size change from E00 to bigger, and why did you choose full Raw dump, why not fix the image header? Please tell me, I want to know everything |
hardcoder 21. Jun 2007 | There is (I think) an anti-dump trick used; please, experts, tell me how the author has implemented it. |
deroko 21. Jun 2007 | CreateFileW on itself by finding its name in PEB->PEB_LDR_DATA. You obviously didn't read both solutions :) |
hardcoder 22. Jun 2007 | It's ok thanks |
j00ru 24. Jan 2008 | I've solved it in an unusual way hahaha ;-)) Since I had some problems with accessing the .exe content when the program was running, I wrote a ring0 driver hooking the NtOpenFile and NtCreateFile syscalls ;D It's really making me laugh ;p |
apuromafo 14. Jun 2008 | Another simple way is using the generic unpacker of deroko. nice true, grat, see ya |
Ox87k 14. Jun 2008 | @j00ru: would be very interesting to see your solution and your sources... can you write it? |