Devans Community
 [Share ] Unpacking Yodas Protector 1.03.3

sheen
Post subject: [Share ] Unpacking Yodas Protector 1.03.3    Thu Dec 23 2010, 21:45

Watch Online Tutorial : Click Here

Download Archives : Unpackme, Complete Tutorial Click Here

C:\Yodas Protector Unpacking.swf
Build 2 successfully completed
Created at: Sat Aug 14 08:28:53 2010
Flash player required: v6.0 or above
Size: 1654 KB
Total frames in main movie: 5160
Playback frame rate: 20
Approximate playback time: 258 seconds

Annotated text transcript:

Unpacking Yoda's Protector 1.03.3
Tools :

-OllyDBG
-OllyDump
-IsDebugPresent (If you need)
-LordPE
-TargetFile

This tutorial is written by Richard Irfan Yusan

richardyusan@rocketmail.com
The TargetFile ;-)
yoda's Protector 1.03.3 -> Ashkbiz Danehkar
Entropy : PACKED
EP Check : PACKED
Load the target file into OllyDBG
Set your Exceptions settings like this
Make sure this checkbox is checked
If User32.dll is already loaded into memory, set your OllyDBG events setting back to normal
Uncheck!
Right Click > Go To > Expression

Or

CTRL + G
Type "BlockInput"
Fill with NOPs
Place Breakpoint here
F2
Now, we must fix IsDebuggerPresent

There are two methods:

1. Manual fix: continue watching
2. Using the IsDebuggerPresent OllyDBG plugin, you can skip this step
MOV EAX,0
GetCurrentProcessId

Case sensitive
Yoda uses CreateToolhelp32Snapshot to retrieve all running processes. Then Yoda searches for the process that started the unpackme and checks whether that process has the same PID as the unpackme itself. If not, Yoda terminates that process, which is OllyDbg.exe in our case. If we patch the CreateToolhelp32Snapshot API, we will get an Invalid_Handle exception. But there is another very easy way to trick Yoda. Yoda uses the GetCurrentProcessId API to retrieve its own PID. We can make Yoda think that it is ollydbg.exe if we set that API to retrieve Olly's PID. How can we do that? By injecting a simple patch.
00000730 is the OllyDBG PID
730 means the OllyDBG PID
Run Debugged Program

F9
We land at this breakpoint :D
Run Debugged Program Again

F9
Set Memory BP on access
OEP
CTRL+A to analyze this code
UnPackMe file runs without error :D
;-)
Entropy : NOT PACKED
EPCheck : NOT PACKED
And UnPackMe unpacked successfully!

My Blog :
richardyusan.wordpress.com




Credit : RCD ( Richardyusan )
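
The parent-process check described in the transcript, modelled over a constructed process table. This is an added example, not part of the original post or the tutorial. It assumes the protector finds its own snapshot entry by image name; every PID except 0x730, and the names `find_parent` and `parent_check`, are made up for illustration.

```python
from collections import namedtuple

# Fields mirror PROCESSENTRY32: th32ProcessID, th32ParentProcessID, szExeFile.
Entry = namedtuple("Entry", "pid ppid exe")

# Constructed snapshot: 0x730 is the OllyDbg PID used in the transcript,
# every other value is invented for this example.
SNAPSHOT = [
    Entry(0x5DC, 0x004, "explorer.exe"),
    Entry(0x730, 0x5DC, "OLLYDBG.EXE"),
    Entry(0x9A4, 0x730, "UnPackMe.exe"),
]

def find_parent(snapshot, image):
    """Return the entry of the process that started `image`, or None."""
    # Assumption: the process locates its own entry by image name.
    me = next((e for e in snapshot if e.exe.lower() == image.lower()), None)
    if me is None:
        return None
    return next((e for e in snapshot if e.pid == me.ppid), None)

def parent_check(snapshot, image, get_current_process_id):
    """Model of the described check: return the PID that would be
    terminated, or None when the parent's PID equals the reported PID."""
    parent = find_parent(snapshot, image)
    if parent is None:
        return None
    return None if parent.pid == get_current_process_id() else parent.pid

def unpatched():
    # GetCurrentProcessId as the OS reports it (constructed value).
    return 0x9A4

def patched():
    # GetCurrentProcessId after the patch: returns the debugger's PID.
    return 0x730

if __name__ == "__main__":
    for name, api in (("unpatched", unpatched), ("patched", patched)):
        victim = parent_check(SNAPSHOT, "UnPackMe.exe", api)
        print(name, "->", "no termination" if victim is None else hex(victim))
```

With the unpatched API the debugger's PID is selected for termination; with the patched API the comparison matches and nothing is terminated, which is why the patch has to be in place before the program is run.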